Published: 23/11/2021 Updated: 02/12/2021

CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Amazon Web Services Aws-c-io

Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions before 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions before 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions before 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions before 1.5.3 on Microsoft Windows.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amazon amazon_web_services_aws-c-io
amazon amazon_web_services_internet_of_things_device_software_development_kit_v2

CWE-295 https://github.com/aws/aws-iot-device-sdk-js-v2 https://github.com/awslabs/aws-c-io/https://github.com/aws/aws-iot-device-sdk-python-v2 https://github.com/aws/aws-iot-device-sdk-cpp-v2 https://github.com/aws/aws-iot-device-sdk-java-v2 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-40828

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect