How severe is CVE-2021-32642?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2021-32642?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2021-32642 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.

Related Vulnerabilities

CVE-2016-1929

CRITICAL

CVSS:9.3(Critical)

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relate...

CWE-202016

CVE-2018-4005

CRITICAL

CVSS:9.3(Critical)

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to rai...

CWE-202018

CVE-2018-4006

CRITICAL

CVSS:9.3(Critical)

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A use...

CWE-202018

CVE-2022-21796

CRITICAL

CVSS:9.3(Critical)

A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write....

CWE-202022

CVE-2024-6915

CRITICAL

CVSS:9.3(Critical)

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.

CWE-202024

CVE-2025-29814

CRITICAL

CVSS:9.3(Critical)

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CWE-202025