CVE-2021-44273
HIGHe2guardian 5.4.0-5.4.3r - Missing SSL Certificate Validation in MITM Engine
Title source: llmDescription
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/12/23/2
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/09/msg00010.html
Patch, Third Party Advisory
https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/e2guardian/e2guardian/issues/707
Scores
CVSS v3
7.4
EPSS
0.0096
EPSS Percentile
57.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (1)
e2bn/e2guardian
5.4.0 - 5.4.3r
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026