CVE-2021-45856

7.5 HIGH

📋 TL;DR

CVE-2021-45856 is a buffer overflow vulnerability in the telnet service of Accu-Time Systems MAXIMUS 1.0 time and attendance systems. Attackers can send specially crafted packets to crash the telnet service, causing denial of service. Organizations using MAXIMUS 1.0 systems with telnet enabled are affected.

💻 Affected Systems

Products:
  • Accu-Time Systems MAXIMUS
Versions: 1.0
Operating Systems: Embedded system OS specific to MAXIMUS hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with telnet service enabled. The vulnerability is in the telnet daemon implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system unavailability due to telnet service crash, potentially disrupting time tracking and payroll operations.
🟠 Likely Case: Telnet service becomes unresponsive, requiring manual restart and causing temporary service disruption.
🟢 If Mitigated: Minimal impact if telnet is disabled or network access is restricted.

🌐 Internet-Facing: HIGH - Telnet is typically internet-facing and vulnerable to unauthenticated remote attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to cause service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available on Packet Storm. Exploitation requires sending malformed telnet packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact Accu-Time Systems for potential firmware updates or mitigation guidance.

🔧 Temporary Workarounds

Disable Telnet Service

Platform: all

Completely disable the telnet service if remote access is not required.

Consult the MAXIMUS system administration guide for the procedure to disable telnet.

Restrict Network Access

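Platform: Linux

Use firewall rules to restrict access to the telnet port (default TCP 23) to trusted IPs only. The rules below use the INPUT chain, which filters traffic addressed to the Linux host itself; on a gateway that forwards traffic to the device, the same matches belong in the FORWARD chain. Keep the ACCEPT rule ahead of the DROP rule, since rules are evaluated in order.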

iptables -A INPUT -p tcp --dport 23 -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MAXIMUS systems from untrusted networks
  • Monitor telnet service logs for crash events and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check if MAXIMUS 1.0 is running with telnet service enabled on port 23. Attempt to connect via telnet to verify service availability.

Check Version:

Check the system firmware version through the MAXIMUS web interface or console (System > About or a similar menu).

Verify Fix Applied:

Verify telnet service is disabled or inaccessible. Test with telnet client to confirm connection refusal.

📡 Detection & Monitoring

Log Indicators:

  • Telnet service crash logs
  • Unexpected telnet connection attempts
  • System restart events following telnet activity

Network Indicators:

  • Multiple connection attempts to TCP port 23
  • Malformed telnet packets detected by IDS/IPS

SIEM Query:

source="MAXIMUS" AND (event="telnet_crash" OR event="service_stop")
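
The "system restart events following telnet activity" indicator can be checked by correlating failure events with the telnet connections that preceded them on the same host. The following is an added example, not code from the vendor or from this page; the key=value log layout, the `telnet_connect` event name, the host names, the addresses and the 60-second window are assumptions, while `telnet_crash` and `service_stop` are the event names from the SIEM query above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. The key=value layout, "telnet_connect", host names and
# addresses are assumptions; "telnet_crash"/"service_stop" come from the SIEM query.
SAMPLE_LOG = '''\
2024-03-01T02:14:07 source="MAXIMUS" host="clock-01" event="telnet_connect" src="10.20.0.5"
2024-03-01T02:14:09 source="MAXIMUS" host="clock-01" event="telnet_crash"
2024-03-01T08:00:00 source="MAXIMUS" host="clock-02" event="telnet_connect" src="10.20.0.5"
2024-03-01T09:30:00 source="MAXIMUS" host="clock-02" event="service_stop"
2024-03-01T10:00:00 source="MAXIMUS" host="clock-03" event="telnet_connect" src="192.0.2.44"
2024-03-01T10:00:03 source="MAXIMUS" host="clock-03" event="service_stop"
'''
TRUSTED_SOURCES = {"10.20.0.5"}        # assumed management station
WINDOW = timedelta(seconds=60)         # how far back to look for telnet activity
FAILURE_EVENTS = {"telnet_crash", "service_stop"}
KV = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Split 'timestamp key="value" ...' into a dict with a datetime under 'ts'."""
    stamp, _, rest = line.partition(" ")
    record = dict(KV.findall(rest))
    record["ts"] = datetime.fromisoformat(stamp)
    return record

def correlate(log_text, trusted=TRUSTED_SOURCES, window=WINDOW):
    """Grade each crash/stop event by the telnet connections that preceded it."""
    connections = {}                   # host -> [(timestamp, source address)]
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec.get("source") != "MAXIMUS":
            continue
        host, event = rec.get("host", "unknown"), rec.get("event")
        if event == "telnet_connect":
            connections.setdefault(host, []).append((rec["ts"], rec.get("src", "unknown")))
        elif event in FAILURE_EVENTS:
            sources = sorted({src for ts, src in connections.get(host, [])
                              if timedelta(0) <= rec["ts"] - ts <= window})
            untrusted = [src for src in sources if src not in trusted]
            # high: untrusted session just before; medium: trusted session; low: none
            severity = "high" if untrusted else "medium" if sources else "low"
            alerts.append({"host": host, "event": event, "sources": sources, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

A failure with no telnet session inside the window (the `clock-02` case) is graded low rather than dropped, so planned service stops stay visible without raising a page.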
