cve-2021-40836
Vulnerability from cvelistv5
Published
2021-12-22 11:14
Modified
2024-08-04 02:51
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Summary
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
cve-notifications-us@f-secure.comhttps://www.f-secure.com/en/business/support-and-downloads/security-advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.f-secure.com/en/business/support-and-downloads/security-advisoriesVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:51:07.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit)  F-Secure Linux Security 64  F-Secure Atlant \u0026 F-Secure Internet Gatekeeper",
          "vendor": "F-Secure",
          "versions": [
            {
              "status": "affected",
              "version": "All Version "
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service Vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-22T18:07:19",
        "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
        "shortName": "F-SecureUS"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Denial-of-Service (DoS) Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-notifications-us@f-secure.com",
          "ID": "CVE-2021-40836",
          "STATE": "PUBLIC",
          "TITLE": "Denial-of-Service (DoS) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit)  F-Secure Linux Security 64  F-Secure Atlant \u0026 F-Secure Internet Gatekeeper",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All Version "
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F-Secure"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service Vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
              "refsource": "MISC",
              "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
    "assignerShortName": "F-SecureUS",
    "cveId": "CVE-2021-40836",
    "datePublished": "2021-12-22T11:14:42",
    "dateReserved": "2021-09-09T00:00:00",
    "dateUpdated": "2024-08-04T02:51:07.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F6E1F2-02DA-48EE-B127-4933CCC80C5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"F0152E70-F7A9-4785-8A43-78472F9A2C13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"360DBC2B-2B93-461E-90C6-60C55FBD87B8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F97045C-E576-49D3-9630-072E26F7D64F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el an\\u00e1lisis de archivos .pst de MS outlook puede conllevar a una denegaci\\u00f3n de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \\u00e9xito resultar\\u00e1 en una denegaci\\u00f3n de servicio del motor antivirus. Corregido en la actualizaci\\u00f3n Capricorn 13-12-2021_07\"}]",
      "id": "CVE-2021-40836",
      "lastModified": "2024-11-21T06:24:53.407",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-notifications-us@f-secure.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-12-22T12:15:07.827",
      "references": "[{\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\", \"source\": \"cve-notifications-us@f-secure.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve-notifications-us@f-secure.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40836\",\"sourceIdentifier\":\"cve-notifications-us@f-secure.com\",\"published\":\"2021-12-22T12:15:07.827\",\"lastModified\":\"2024-11-21T06:24:53.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el an\u00e1lisis de archivos .pst de MS outlook puede conllevar a una denegaci\u00f3n de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus. Corregido en la actualizaci\u00f3n Capricorn 13-12-2021_07\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-notifications-us@f-secure.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F6E1F2-02DA-48EE-B127-4933CCC80C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"F0152E70-F7A9-4785-8A43-78472F9A2C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360DBC2B-2B93-461E-90C6-60C55FBD87B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F97045C-E576-49D3-9630-072E26F7D64F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.