How severe is CVE-2021-46390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-46390?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-46390

MEDIUM Year: 2021

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-287

View all →

Vulnerability Description

An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values.

CVE-2014-2005

MEDIUM

CVSS:6.8(Medium)

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically ...

CWE-2872014

CVE-2016-4484

MEDIUM

CVSS:6.8(Medium)

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

CWE-2872016

CVE-2017-10709

MEDIUM

CVSS:6.8(Medium)

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

CWE-2872017

CVE-2017-12610

MEDIUM

CVSS:6.8(Medium)

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication wh...

CWE-2872017

CVE-2017-15351

MEDIUM

CVSS:6.8(Medium)

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in t...

CWE-2872017

CVE-2017-16242

MEDIUM

CVSS:6.8(Medium)

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access...

CWE-2872017

CVE-2021-46390

Vulnerability Description

Related Vulnerabilities

CVE-2014-2005

CVE-2016-4484

CVE-2017-10709

CVE-2017-12610

CVE-2017-15351

CVE-2017-16242