Vulnerability Description
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E2Bn | E2Guardian | >= 5.4.0, <= 5.4.3r |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/12/23/2Mailing ListThird Party Advisory
- https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca9PatchThird Party Advisory
- https://github.com/e2guardian/e2guardian/issues/707ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2023/09/msg00010.html
- http://www.openwall.com/lists/oss-security/2021/12/23/2Mailing ListThird Party Advisory
- https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca9PatchThird Party Advisory
- https://github.com/e2guardian/e2guardian/issues/707ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2023/09/msg00010.html
FAQ
What is CVE-2021-44273?
CVE-2021-44273 is a vulnerability with a CVSS score of 7.4 (HIGH). e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2gua...
How severe is CVE-2021-44273?
CVE-2021-44273 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44273?
Check the references section above for vendor advisories and patch information. Affected products include: E2Bn E2Guardian.