CVE-2021-21905

7.2 HIGH

📋 TL;DR

This CVE describes a stack-based buffer overflow in the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0, allowing authenticated attackers to execute arbitrary code via crafted commands sent over TCP port 6877. It affects users of Garrett iC Module CMA Version 5.0 with the CMA Connect GUI client interface enabled.

💻 Affected Systems

Products:
  • Garrett Metal Detectors iC Module CMA
Versions: Version 5.0
Operating Systems: Not specified, likely embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the CMA Connect GUI client interface to be active and accessible over TCP port 6877.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to remote code execution, device manipulation, or data exfiltration.

🟠 Likely Case

Unauthorized access and control of the metal detector module, potentially disrupting operations.

🟢 If Mitigated

Limited impact if authentication is strong and network access is restricted, though buffer overflow risk remains.

🌐 Internet-Facing: HIGH if the device is exposed to the internet, as it uses a plaintext authenticated CLI over TCP.
🏢 Internal Only: MEDIUM if internal network access is controlled, but authenticated users could still exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authentication, but buffer overflow details are publicly disclosed in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not provided; check Garrett Metal Detectors for updates.

Restart Required: No

Instructions:

No official patch available; rely on workarounds and risk reduction steps.

🔧 Temporary Workarounds

Restrict Network Access

all

Block TCP port 6877 at firewalls to prevent external and unauthorized internal access.

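As written, these rules filter inbound traffic on the host where they are run; to protect the module itself, apply the equivalent rule on the firewall or gateway in front of it.

Linux: iptables -A INPUT -p tcp --dport 6877 -j DROP
Windows: netsh advfirewall firewall add rule name="Block Port 6877" dir=in action=block protocol=TCP localport=6877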

Disable CMA Connect Interface

all

Turn off the CMA Connect GUI client interface if not required for operations.

Consult device manual or vendor for specific disable commands; may involve configuration changes.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks.
  • Enforce strong authentication policies and monitor for unusual activity on port 6877.

🔍 How to Verify

Check if Vulnerable:

Check if Garrett iC Module CMA Version 5.0 is running and if TCP port 6877 is open and accessible.

Check Version:

Consult device interface or vendor documentation; no standard command provided.

Verify Fix Applied:

Verify that port 6877 is closed or access is blocked, and confirm no unauthorized connections are established.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts or command patterns in logs for port 6877.

Network Indicators:

  • Traffic to/from TCP port 6877, especially from unexpected sources.

SIEM Query:

Example: 'source_port:6877 OR dest_port:6877' to monitor for related network events.
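
The network indicator above can be checked offline against exported flow records. The following is an added example, not part of the original advisory: the CSV field order, the allowlisted management range and all sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

CMA_PORT = 6877  # TCP port of the CMA Connect interface, from the advisory

# Assumption: hosts permitted to reach the interface (constructed range).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample flow records: time,proto,src,sport,dst,dport,action
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z,tcp,10.20.0.5,51514,10.20.1.40,6877,allow
2024-01-10T08:03:12Z,tcp,10.20.7.91,40222,10.20.1.40,6877,allow
2024-01-10T08:03:15Z,tcp,10.20.1.40,6877,10.20.7.91,40222,allow
2024-01-10T08:04:40Z,udp,10.20.7.91,6877,10.20.1.40,6877,allow
2024-01-10T08:05:02Z,tcp,203.0.113.8,33001,10.20.1.40,6877,deny
2024-01-10T08:06:00Z,tcp,10.20.7.91,40230,10.20.1.40,443,allow
bad,line
"""

def find_unexpected(flow_text):
    """Return (time, client, device, action) for TCP flows touching CMA_PORT
    whose client side is outside ALLOWED_SOURCES."""
    hits = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 7:
            continue  # skip malformed records
        ts, proto, src, sport, dst, dport, action = row
        if proto.lower() != "tcp":
            continue
        try:
            sport, dport = int(sport), int(dport)
            if dport == CMA_PORT:      # request direction: src is the client
                client, device = src, dst
            elif sport == CMA_PORT:    # reply direction: dst is the client
                client, device = dst, src
            else:
                continue
            if not any(ipaddress.ip_address(client) in net for net in ALLOWED_SOURCES):
                hits.append((ts, client, device, action))
        except ValueError:
            continue  # unparsable port or address
    return hits

if __name__ == "__main__":
    for hit in find_unexpected(SAMPLE_FLOWS):
        print(*hit)
```

Flows with action `allow` in the output indicate that the port block is not yet effective for that source; `deny` entries show the block working while still recording who tried.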

🔗 References
