CVE-2021-32928 - Incomplete Cleanup vulnerability in Thalesgroup Sentinel LDK Run-Time Environment 7.6

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, thalesgroup, CWE-459, critical

Summary

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.
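
An audit for the leftover rule described above, as an added example that is not part of the original advisory or of Thales tooling. The rule name and port come from the summary; the service name `hasplms` and the `-Remove` switch are assumptions of this example.

```powershell
# Added example: find the firewall rule left behind after the run-time is uninstalled.
# Rule name and TCP port are taken from the advisory text.
param(
    [string]$RuleName    = 'Sentinel License Manager',
    [int]   $Port        = 1947,
    [string]$ServiceName = 'hasplms',   # assumption: service name is not stated on the page
    [switch]$Remove                     # hypothetical switch: delete orphaned rules when set
)

# Is the product still installed, and is anything listening on the port?
$service   = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$listening = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue

# Only inbound allow rules with the advisory's name are of interest.
$rules = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

if (-not $rules) {
    Write-Output "No inbound allow rule named '$RuleName' found."
    return
}

foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter
    # A rule is orphaned when it survives but the service it was created for is gone.
    $orphaned   = -not $service

    [pscustomobject]@{
        Rule           = $rule.DisplayName
        Enabled        = $rule.Enabled
        Profile        = $rule.Profile
        Protocol       = $portFilter.Protocol
        LocalPort      = $portFilter.LocalPort -join ','
        RemoteAddress  = $addrFilter.RemoteAddress -join ','
        ServicePresent = [bool]$service
        PortListening  = [bool]$listening
        Orphaned       = $orphaned
    }

    if ($orphaned -and $Remove) {
        $rule | Remove-NetFirewallRule
        Write-Output "Removed orphaned rule '$($rule.DisplayName)'."
    }
}
```

Run it from an elevated PowerShell session; without `-Remove` it only reports.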

Common Weakness Enumeration (CWE)