CVE-2021-28123

CRITICAL

Cohesity DataPlatform <6.3.1g, 6.4-6.4.1c, 6.5.1-6.5.1b - RCE

Title source: llm

Description

Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.

References (1)

[Third Party Advisory] https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28123.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0084

EPSS Percentile 74.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (1)

cohesity/cohesity_dataplatform 6.3 - 6.3.1g

Published Apr 02, 2021

Tracked Since Feb 18, 2026