CVE-2021-33597 - OpenCVE

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
F-secure	Business Suite Client Security Linux Security Elements Endpoint Protection
Microsoft	Windows
Apple	Macos

Configuration 1 [-]

OR	cpe:2.3:a:f-secure:client_security:-::::premium:::
	cpe:2.3:a:f-secure:client_security:-::::standard:::
	cpe:2.3:a:f-secure:linux_security:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:f-secure:business_suite:-:::::::*
	cpe:2.3:a:f-secure:elements_endpoint_protection:-:::::::*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

References

Link	Resource
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame	Not Applicable Vendor Advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2021-08-05T19:38:03

Updated: 2021-08-05T19:38:03

Reserved: 2021-05-27T00:00:00

Link: CVE-2021-33597

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-05T20:15:09.213

Modified: 2021-08-12T18:17:47.300

Link: CVE-2021-33597

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "F-Secure endpoint protection products on Windows, Mac and Linux Security", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-05T19:38:03", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "solutions": [{"lang": "en", "value": "The required fix has been published through an automatic update channel with Database \"Capricorn update 2021-07-26_07\"."}], "source": {"discovery": "EXTERNAL"}, "title": "Denial-of-Service (DoS) Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33597", "STATE": "PUBLIC", "TITLE": "Denial-of-Service (DoS) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure endpoint protection products on Windows, Mac and Linux Security", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}]}, "solution": [{"lang": "en", "value": "The required fix has been published through an automatic update channel with Database \"Capricorn update 2021-07-26_07\"."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-33597", "datePublished": "2021-08-05T19:38:03", "dateReserved": "2021-05-27T00:00:00", "dateUpdated": "2021-08-05T19:38:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:client_security:-:*:*:*:premium:*:*:*", "matchCriteriaId": "D26E8064-BFC3-4542-BEE8-D4660B25347B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:client_security:-:*:*:*:standard:*:*:*", "matchCriteriaId": "305A8404-8362-4F44-9C77-983C819E7C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:business_suite:-:*:*:*:*:*:*:*", "matchCriteriaId": "D95F0190-91D5-4E65-88CB-993F1BD2CB16", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Atlant por la que el componente SAVAPI usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos fuzzed. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio (DoS) del motor Antivirus"}], "id": "CVE-2021-33597", "lastModified": "2021-08-12T18:17:47.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2021-08-05T20:15:09.213", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}