Impersonation Vulnerability in ThroughTek Kalay Platform 2.0 Network
CVE-2021-28372

8.3HIGH

Key Information:

Vendor

Throughtek

Status
Kalay P2p Software Development Kit
Vendor
CVE Published:
17 August 2021

What is CVE-2021-28372?

The vulnerability in ThroughTek's Kalay Platform 2.0 allows an attacker to impersonate any ThroughTek device by utilizing a valid 20-byte uniquely assigned identifier (UID). This exploitation enables the attacker to hijack the victim's connection, consequently compelling them to provide sensitive credentials essential for accessing their TUTK device. As a result, the integrity and security of user data become severely compromised. Steps should be taken to secure affected systems to prevent unauthorized access.

References

https://www.throughtek.com/kalay_overview.html
x_refsource_MISC
https://github.com/fireeye/Vulnerability-Disclosures/blob...
x_refsource_MISC
https://www.fireeye.com/blog/threat-research/2021/08/mand...
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.