VDB
CVE-2021-42073
CVE-2021-42073
PUBLISHED
CVSS 5.800000190734863 MEDIUM
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
EPSS 0.61% · 70.2th percentile
Risk Scores
CVSS 2.0
5.800000190734863
EPSS Score
0.61%
70.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| barrier_project | barrier | 0 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2021/11/02/4 (nist-nvd)
- https://github.com/debauchee/barrier/releases/tag/v2.4.0 (circl)
- https://github.com/debauchee/barrier/commit/b5adc93e2bd74cb094f91ff595c07f321a489f3e (circl)
- https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc (circl)
Timeline
- Nov 8, 2021 CVE Published
- Nov 8, 2021 EPSS Score
- Jan 3, 2022 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 24, 2022 EPSS Score
- Jun 18, 2022 EPSS Score
- Aug 14, 2022 EPSS Score
- Oct 9, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
References
- [oss-security] 20211102 Barrier "software KVM switch" multiple remote security issues mailing-list
- https://github.com/debauchee/barrier/releases/tag/v2.4.0 url
- https://github.com/debauchee/barrier/commit/b5adc93e2bd74cb094f91ff595c07f321a489f3e url
- https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc url
- https://nvd.nist.gov/vuln/detail/CVE-2021-42073 advisory