CVE-2021-38487

Summary

RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

Affected Software

VendorProductVersion RangeStatus
RTIConnext Professional4.1 < 6.1.0affected
RTIConnext Micro4.0.0 < 4.0.*affected
RTIConnext Micro3.0.0 < 3.0.*affected
RTIConnext Micro2.4.0 < 2.4.*affected

Weaknesses

  • CWE-406: CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
  • CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References