Vulnerabilities > CVE-2021-42810 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Safenet Authentication Service Remote Desktop Gateway

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

thalesgroup

CWE-335

NVD

Published: 2022-01-19

Updated: 2022-01-25

Summary

A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.

Vulnerable Configurations

Part	Description	Count
Application	Thalesgroup Thalesgroup Safenet Authentication Service Remote Desktop Gateway *	1

Common Weakness Enumeration (CWE)

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

References

https://cpl.thalesgroup.com/support/security-updates
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md