CVE-2021-43310
First published: Wed Sep 21 2022(Updated: )
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Keylime Keylime | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2021-43310.
What is the severity level of CVE-2021-43310?
The severity level of CVE-2021-43310 is critical.
What is the affected software version of CVE-2021-43310?
The affected software version of CVE-2021-43310 is Keylime before 6.3.0.
How does CVE-2021-43310 impact the system?
CVE-2021-43310 allows an attacker to reset the U and V keys, potentially leading to remote code execution.
Where can I find more information about CVE-2021-43310?
You can find more information about CVE-2021-43310 at the following references: [link 1](https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r) and [link 2](https://seclists.org/oss-sec/2022/q1/101).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/references
- agent/type
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/keylime
- canonical/keylime keylime