VDB
CVE-2021-27565
CVE-2021-27565
PUBLISHED
CVSS 7.5 HIGH
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.
EPSS 2.42% · 85.4th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
2.42%
85.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| hcc-embedded | nichestack | 0 |
Timeline
- Aug 19, 2021 CVE Published
- Aug 20, 2021 EPSS Score
- Oct 17, 2021 EPSS Score
- Dec 15, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Aug 6, 2022 EPSS Score
- Oct 3, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
References
- https://www.hcc-embedded.com/ url
- https://www.hcc-embedded.com/about/about-interniche url
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ url
- VU#608209 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-27565 advisory
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack url
- https://www.hcc-embedded.com url