cvelistv5 - CVE-2021-35053

CVE-2021-35053 (GCVE-0-2021-35053)

Vulnerability from cvelistv5 – Published: 2021-11-03 19:11 – Updated: 2024-08-04 00:33

Summary

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

Severity ?

No CVSS data available.

CWE

Assigner

Kaspersky

References

URL

Tags

	https://support.kaspersky.com/general/vulnerabili…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Kaspersky Endpoint Security for Windows	Affected: KES versions from 11.1 to 11.6 (inclusively)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:50.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kaspersky Endpoint Security for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "KES versions from 11.1 to 11.6 (inclusively)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-04T12:06:12",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerability@kaspersky.com",
          "ID": "CVE-2021-35053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kaspersky Endpoint Security for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "KES versions from 11.1 to 11.6 (inclusively)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
              "refsource": "MISC",
              "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2021-35053",
    "datePublished": "2021-11-03T19:11:26",
    "dateReserved": "2021-06-18T00:00:00",
    "dateUpdated": "2024-08-04T00:33:50.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndIncluding\": \"11.6.0\", \"matchCriteriaId\": \"C1EAF339-B9C2-4F0D-BAC0-DA29D3BE860D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.\"}, {\"lang\": \"es\", \"value\": \"Una posible denegaci\\u00f3n de servicio del sistema en caso de cambio arbitrario de los par\\u00e1metros del navegador Firefox. Un atacante podr\\u00eda cambiar un archivo espec\\u00edfico de par\\u00e1metros del navegador Firefox de una manera determinada y luego reiniciar el sistema para hacer que el sistema no pueda arrancar\"}]",
      "id": "CVE-2021-35053",
      "lastModified": "2024-11-21T06:11:45.347",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-11-03T20:15:08.347",
      "references": "[{\"url\": \"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021\", \"source\": \"vulnerability@kaspersky.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1280/\", \"source\": \"vulnerability@kaspersky.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-22-431/\", \"source\": \"vulnerability@kaspersky.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1280/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-22-431/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "vulnerability@kaspersky.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-35053\",\"sourceIdentifier\":\"vulnerability@kaspersky.com\",\"published\":\"2021-11-03T20:15:08.347\",\"lastModified\":\"2024-11-21T06:11:45.347\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.\"},{\"lang\":\"es\",\"value\":\"Una posible denegaci\u00f3n de servicio del sistema en caso de cambio arbitrario de los par\u00e1metros del navegador Firefox. Un atacante podr\u00eda cambiar un archivo espec\u00edfico de par\u00e1metros del navegador Firefox de una manera determinada y luego reiniciar el sistema para hacer que el sistema no pueda arrancar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.6.0\",\"matchCriteriaId\":\"C1EAF339-B9C2-4F0D-BAC0-DA29D3BE860D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021\",\"source\":\"vulnerability@kaspersky.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1280/\",\"source\":\"vulnerability@kaspersky.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-431/\",\"source\":\"vulnerability@kaspersky.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1280/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-431/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2021-AVI-839

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Kaspersky. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Kaspersky	N/A	Kaspersky Security Cloud versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Anti-Virus versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Total Security versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Internet Security versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Endpoint Security versions 11.1 à 11.6 (incluses)
Kaspersky	N/A	Kaspersky Small Office Security versions antérieures à 21.3.10.391

References

Title

Publication Time

Tags

Bulletin de sécurité Kaspersky du 01 novembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kaspersky Security Cloud versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Anti-Virus versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Total Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Internet Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Endpoint Security versions 11.1 \u00e0 11.6 (incluses)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Small Office Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-35053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35053"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-839",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nKaspersky. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Kaspersky",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Kaspersky du 01 novembre 2021",
      "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
    }
  ]
}

CERTFR-2021-AVI-839

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Kaspersky. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Kaspersky	N/A	Kaspersky Security Cloud versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Anti-Virus versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Total Security versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Internet Security versions antérieures à 21.3.10.391
Kaspersky	N/A	Kaspersky Endpoint Security versions 11.1 à 11.6 (incluses)
Kaspersky	N/A	Kaspersky Small Office Security versions antérieures à 21.3.10.391

References

Title

Publication Time

Tags

Bulletin de sécurité Kaspersky du 01 novembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kaspersky Security Cloud versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Anti-Virus versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Total Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Internet Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Endpoint Security versions 11.1 \u00e0 11.6 (incluses)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    },
    {
      "description": "Kaspersky Small Office Security versions ant\u00e9rieures \u00e0 21.3.10.391",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-35053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35053"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-839",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nKaspersky. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Kaspersky",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Kaspersky du 01 novembre 2021",
      "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
    }
  ]
}

FKIE_CVE-2021-35053

Vulnerability from fkie_nvd - Published: 2021-11-03 20:15 - Updated: 2024-11-21 06:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
vulnerability@kaspersky.com	https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021	Broken Link
vulnerability@kaspersky.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1280/	Third Party Advisory, VDB Entry
vulnerability@kaspersky.com	https://www.zerodayinitiative.com/advisories/ZDI-22-431/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1280/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-431/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	kaspersky	endpoint_security	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1EAF339-B9C2-4F0D-BAC0-DA29D3BE860D",
              "versionEndIncluding": "11.6.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
    },
    {
      "lang": "es",
      "value": "Una posible denegaci\u00f3n de servicio del sistema en caso de cambio arbitrario de los par\u00e1metros del navegador Firefox. Un atacante podr\u00eda cambiar un archivo espec\u00edfico de par\u00e1metros del navegador Firefox de una manera determinada y luego reiniciar el sistema para hacer que el sistema no pueda arrancar"
    }
  ],
  "id": "CVE-2021-35053",
  "lastModified": "2024-11-21T06:11:45.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-03T20:15:08.347",
  "references": [
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
    }
  ],
  "sourceIdentifier": "vulnerability@kaspersky.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CC54-3GHQ-HP7J

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-35053"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-03T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.",
  "id": "GHSA-cc54-3ghq-hp7j",
  "modified": "2022-05-24T19:19:31Z",
  "published": "2022-05-24T19:19:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35053"
    },
    {
      "type": "WEB",
      "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-35053

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-35053

Aliases

CVE-2021-35053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-35053",
    "description": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.",
    "id": "GSD-2021-35053"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-35053"
      ],
      "details": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.",
      "id": "GSD-2021-35053",
      "modified": "2023-12-13T01:23:28.056390Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnerability@kaspersky.com",
        "ID": "CVE-2021-35053",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Kaspersky Endpoint Security for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "KES versions from 11.1 to 11.6 (inclusively)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "DoS"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
            "refsource": "MISC",
            "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.6.0",
                    "versionStartIncluding": "11.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerability@kaspersky.com",
          "ID": "CVE-2021-35053"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-29T13:53Z",
      "publishedDate": "2021-11-03T20:15Z"
    }
  }
}

CNVD-2021-89693

Vulnerability from cnvd - Published: 2021-11-22

Title

Mozilla Firefox拒绝服务漏洞（CNVD-2021-89693）

Description

Mozilla Firefox，中文俗称“火狐”，是一个由Mozilla开发的使用Gecko排版引擎，支持多种操作系统，自由及开放源代码的网页浏览器。 Mozilla Firefox存在拒绝服务漏洞。当任意更改 Firefox 浏览器参数的情况下可能导致系统拒绝服务。攻击者可以利用该漏洞更改特定的Firefox浏览器参数文件，然后重新启动系统，使系统无法启动，危害系统安全。

Severity

高

Patch Name

Mozilla Firefox拒绝服务漏洞（CNVD-2021-89693）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/zh-CN/firefox/new/

Reference

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021

Impacted products

Name
Mozilla Firefox

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-35053",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-35053"
    }
  },
  "description": "Mozilla Firefox\uff0c\u4e2d\u6587\u4fd7\u79f0\u201c\u706b\u72d0\u201d\uff0c\u662f\u4e00\u4e2a\u7531Mozilla\u5f00\u53d1\u7684\u4f7f\u7528Gecko\u6392\u7248\u5f15\u64ce\uff0c\u652f\u6301\u591a\u79cd\u64cd\u4f5c\u7cfb\u7edf\uff0c\u81ea\u7531\u53ca\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u7f51\u9875\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53\u4efb\u610f\u66f4\u6539 Firefox \u6d4f\u89c8\u5668\u53c2\u6570\u7684\u60c5\u51b5\u4e0b\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u62d2\u7edd\u670d\u52a1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7279\u5b9a\u7684Firefox\u6d4f\u89c8\u5668\u53c2\u6570\u6587\u4ef6\uff0c\u7136\u540e\u91cd\u65b0\u542f\u52a8\u7cfb\u7edf\uff0c\u4f7f\u7cfb\u7edf\u65e0\u6cd5\u542f\u52a8\uff0c\u5371\u5bb3\u7cfb\u7edf\u5b89\u5168\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/zh-CN/firefox/new/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-89693",
  "openTime": "2021-11-22",
  "patchDescription": "Mozilla Firefox\uff0c\u4e2d\u6587\u4fd7\u79f0\u201c\u706b\u72d0\u201d\uff0c\u662f\u4e00\u4e2a\u7531Mozilla\u5f00\u53d1\u7684\u4f7f\u7528Gecko\u6392\u7248\u5f15\u64ce\uff0c\u652f\u6301\u591a\u79cd\u64cd\u4f5c\u7cfb\u7edf\uff0c\u81ea\u7531\u53ca\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u7f51\u9875\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53\u4efb\u610f\u66f4\u6539 Firefox \u6d4f\u89c8\u5668\u53c2\u6570\u7684\u60c5\u51b5\u4e0b\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u62d2\u7edd\u670d\u52a1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7279\u5b9a\u7684Firefox\u6d4f\u89c8\u5668\u53c2\u6570\u6587\u4ef6\uff0c\u7136\u540e\u91cd\u65b0\u542f\u52a8\u7cfb\u7edf\uff0c\u4f7f\u7cfb\u7edf\u65e0\u6cd5\u542f\u52a8\uff0c\u5371\u5bb3\u7cfb\u7edf\u5b89\u5168\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-89693\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox"
  },
  "referenceLink": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
  "serverity": "\u9ad8",
  "submitTime": "2021-11-05",
  "title": "Mozilla Firefox\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-89693\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-35053 (GCVE-0-2021-35053)

CERTFR-2021-AVI-839

Solution

CERTFR-2021-AVI-839

Solution

FKIE_CVE-2021-35053

GHSA-CC54-3GHQ-HP7J

GSD-2021-35053

CNVD-2021-89693

Tags

Sightings

Nomenclature