CVE-2021-27662: KT-1 Capture-replay
First published: Wed Sep 15 2021(Updated: )
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01
Credit: productsecurity@jci.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Johnsoncontrols Kantech Kt-1 Door Controller Firmware | <=3.01 | |
| Johnsoncontrols Kantech Kt-1 Door Controller |
Remedy
Upgrade the KT-1 controller to version 3.04 and upgrade EntraPass to version 8.40.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-27662.
What is the severity of CVE-2021-27662?
The severity of CVE-2021-27662 is high (8.1).
What is the affected software?
The affected software is Johnson Controls KT-1 door controller firmware versions up to and including 3.01.
What are the possible impacts of this vulnerability?
This vulnerability allows an attacker to perform replay or man-in-the-middle attacks by recording and replaying TCP packets.
Are there any solutions or patches available?
Please refer to the Johnson Controls security advisory for information on available solutions or patches.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/johnsoncontrols
- canonical/johnsoncontrols kantech kt-1 door controller firmware
- version/johnsoncontrols kantech kt-1 door controller firmware/3.01
- canonical/johnsoncontrols kantech kt-1 door controller