Lucene search

F-SecureUSCVE-2021-40836

HistoryDec 22, 2021 - 12:15 p.m.

CVE-2021-40836

2021-12-2212:15:07

F-SecureUS

web.nvd.nist.gov

cve-2021-40836

f-secure

antivirus engine

denial-of-service

remote exploitation

ms outlook

.pst files

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

Affected configurations

Nvd

Node

f-secureatlant

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

Node

applemacosMatch-

microsoftwindowsMatch-

AND

f-secureelements_endpoint_detection_and_response

f-secureelements_endpoint_protection

VendorProductVersionCPE
f-secureatlant*cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
f-secureinternet_gatekeeper*cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
f-securelinux_security*cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
f-securelinux_security_64*cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
f-secureelements_endpoint_detection_and_response*cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*
f-secureelements_endpoint_protection*cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f-secure	atlant	*	cpe:2.3:a:f-secure:atlant::::::::
f-secure	internet_gatekeeper	*	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
f-secure	linux_security	*	cpe:2.3:a:f-secure:linux_security:::::::x86:*
f-secure	linux_security_64	*	cpe:2.3:a:f-secure:linux_security_64::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
f-secure	elements_endpoint_detection_and_response	*	cpe:2.3:a:f-secure:elements_endpoint_detection_and_response::::::::
f-secure	elements_endpoint_protection	*	cpe:2.3:a:f-secure:elements_endpoint_protection::::::::

CNA Affected

[
  {
    "product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit)  F-Secure Linux Security 64  F-Secure Atlant & F-Secure Internet Gatekeeper",
    "vendor": "F-Secure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.f-secure.com/en/business/support-and-downloads/security-advisories

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for CVE-2021-40836