First published: Wed Jun 16 2021(Updated: )
The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Thalesgroup Sentinel Ldk Run-time Environment | <=7.6 | |
Thales Sentinel LDK Run-Time Environment | <=7.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-32928.
The severity of CVE-2021-32928 is critical with a CVSS score of 9.8.
The affected software is Thalesgroup Sentinel Ldk Run-time Environment version up to and including 7.6.
This vulnerability poses a high risk as it allows incoming connections from private networks using TCP Port 1947.
To fix CVE-2021-32928, you should uninstall the Sentinel LDK Run-Time Environment and manually close Port 1947.