Rewterz Threat Advisory – CVE-2021-3766 – Node.js Security Vulnerability
September 8, 2021Rewterz Threat Alert – FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
September 8, 2021Rewterz Threat Advisory – CVE-2021-3766 – Node.js Security Vulnerability
September 8, 2021Rewterz Threat Alert – FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
September 8, 2021Severity
High
Analysis Summary
CVE-2021-20594
A remote attacker can leverage a brute-force attack to acquire legitimate usernames registered in the module.
CVE-2021-20597
A remote attacker could obtain unprotected credentials by sniffing network traffic.
CVE-2021-20598
A remote attacker could lock out a legitimate user by continually attempting to login with a known username and incorrect passwords.
Impact
- Unauthorized Access
- Credential Theft
Affected Vendors
- Mitsubishi Electric
Affected Products
- R08/16/32/120SFCPU: All versions
- R08/16/32/120PSFCPU: All versions
Remediation
Refer to Cert-Cisa Advisory for the patch, upgrade, or suggested workaround information.