Vulnerability details: VCID-bdw7-d7up-aaaf
Vulnerability ID VCID-bdw7-d7up-aaaf
Aliases CVE-2021-4189
Summary A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is that the FTP client, by default, trusts the host address returned in the PASV response. This flaw allows an attacker to set up a malicious FTP server that tricks FTP clients into connecting back to an IP address and port of the server's choosing. This vulnerability could lead to the FTP client being used to scan ports, which otherwise would not have been possible.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (1)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3254
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1663
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1821
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1986
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4189.json
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
epss 0.00442 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
epss 0.01483 https://api.first.org/data/v1/epss?cve=CVE-2021-4189
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4189
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4189
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4189.json
https://access.redhat.com/security/cve/CVE-2021-4189
https://api.first.org/data/v1/epss?cve=CVE-2021-4189
https://bugs.python.org/issue43285
https://bugzilla.redhat.com/show_bug.cgi?id=2036020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://python-security.readthedocs.io/vuln/ftplib-pasv.html
https://security.netapp.com/advisory/ntap-20221104-0004/
https://security-tracker.debian.org/tracker/CVE-2021-4189
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2021-4189 https://nvd.nist.gov/vuln/detail/CVE-2021-4189
RHSA-2021:3254 https://access.redhat.com/errata/RHSA-2021:3254
RHSA-2022:1663 https://access.redhat.com/errata/RHSA-2022:1663
RHSA-2022:1821 https://access.redhat.com/errata/RHSA-2022:1821
RHSA-2022:1986 https://access.redhat.com/errata/RHSA-2022:1986
USN-5342-1 https://usn.ubuntu.com/5342-1/
USN-6891-1 https://usn.ubuntu.com/6891-1/
USN-USN-5342-2 https://usn.ubuntu.com/USN-5342-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4189.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4189
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.56200
EPSS Score 0.00182
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.