VDB
CVE-2021-44273
CVE-2021-44273
PUBLISHED
CVSS 7.400000095367432 HIGH
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
EPSS 0.17% · 37.7th percentile
Risk Scores
CVSS v3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.17%
37.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| e2bn | e2guardian | 5.4.0 |
Timeline
- Dec 23, 2021 CVE Published
- Dec 24, 2021 EPSS Score
- Feb 16, 2022 EPSS Score
- Apr 11, 2022 EPSS Score
- Jun 4, 2022 EPSS Score
- Jul 29, 2022 EPSS Score
- Sep 21, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
References
- https://github.com/e2guardian/e2guardian/issues/707 url
- https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2 url
- [oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames mailing-list
- [debian-lts-announce] 20230912 [SECURITY] [DLA 3564-1] e2guardian security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-44273 advisory