Reachable Assertion

CVE-2021-33600

Medium

5/10

Summary

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-617 - Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

Advisory Timeline

Published Sep 28, 2021

Reachable Assertion

CVE-2021-33600

Summary

CWE-617 - Reachable Assertion

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS