How severe is CVE-2021-40828?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-40828?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2021-40828 - HIGH Severity | CVSS 8.8

Vulnerability Description

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.

Related Vulnerabilities

CVE-2017-11364

HIGH

CVSS:8.8(High)

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate ...

CWE-2952017

CVE-2017-3218

HIGH

CVSS:8.8(High)

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.

CWE-2952017

CVE-2017-3563

HIGH

CVSS:8.8(High)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vu...

CWE-2952017

CVE-2018-8059

HIGH

CVSS:8.8(High)

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no p...

CWE-2952018

CVE-2020-3342

HIGH

CVSS:8.8(High)

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerab...

CWE-2952020

CVE-2021-20695

HIGH

CVSS:8.8(High)

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vector...

CWE-2952021