Denial of Service Vulnerability in Luca Server: Unauthenticated Insertion of Fake COVID-19 Records

Denial of Service Vulnerability in Luca Server: Unauthenticated Insertion of Fake COVID-19 Records

CVE-2021-33840 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.

Learn more about our Cis Benchmark Audit For Server Software.