CVE-2021-43310

Summary

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.

Affected Software

VendorProductVersion RangeStatus
n/akeylimekeylime 6.3.0affected

Weaknesses

  • CWE-290: CWE-290

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References