Reachable Assertion

CVE-2021-33600

High

7.5/10

Summary

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-617 - Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

Advisory Timeline

Published Sep 28, 2021

Reachable Assertion

CVE-2021-33600

Summary

CWE-617 - Reachable Assertion

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS