CVE-2021-3436

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-694
View all →

Vulnerability Description

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63

Related Vulnerabilities

CVE-2023-20100

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could ...

CWE-6942023

CVE-2024-41146

MEDIUM
CVSS:4.6(Medium)

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform...

CWE-6942024

CVE-2023-20100

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could ...

CWE-6942023

CVE-2024-41146

MEDIUM
CVSS:4.6(Medium)

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform...

CWE-6942024

CVE-2022-23721

LOW
CVSS:3.3(Low)

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machi...

CWE-6942022