PatchSiren cyber security CVE debrief
CVE-2021-44792 Krontech CVE debrief
A missing authorization check in Krontech Single Connect's log-monitor module allows unauthenticated remote attackers to access the logging interface and potentially obtain sensitive information. The vulnerability affects versions prior to 2.16. The issue was disclosed in January 2022 and remains relevant for unpatched deployments.
- Vendor
- Krontech
- Product
- Single Connect
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2022-01-27
- Original CVE updated
- 2026-05-18
- Advisory published
- 2022-01-27
- Advisory updated
- 2026-05-18
Who should care
Organizations running Krontech Single Connect for privileged access management should prioritize patching, particularly those with externally exposed management interfaces or compliance requirements for access logging integrity. Security teams should audit for unauthorized access to logging functions that could indicate reconnaissance or data exfiltration activity.
Technical summary
Krontech Single Connect versions prior to 2.16 fail to perform authorization checks when accessing the log-monitor module. This allows remote attackers to reach the logging interface without authentication, potentially exposing sensitive operational data. The vulnerability is network-exploitable with low attack complexity and requires no privileges or user interaction. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) reflects network accessibility, low complexity, no required privileges, and limited confidentiality impact. The root cause is categorized as CWE-862 (Missing Authorization).
Defensive priority
medium
Recommended defensive actions
- Upgrade Krontech Single Connect to version 2.16 or later to remediate the missing authorization check in the log-monitor module
- Review access logs for unauthorized access attempts to the log-monitor interface, particularly from unexpected source IP addresses
- Implement network segmentation to restrict access to Single Connect administrative interfaces to authorized management hosts only
- Monitor for anomalous access patterns to logging endpoints that may indicate exploitation attempts
- Verify that authentication and authorization controls are enforced consistently across all administrative modules, not just the log-monitor component
Evidence notes
The vulnerability is documented in NVD with CVSS 3.1 score 5.3 (MEDIUM). The CPE configuration indicates affected versions are those before 2.16. Multiple references from USOM (Turkish National Cyber Security Incident Response Center) provide third-party advisory context. The weakness is classified as CWE-862 (Missing Authorization).
Official resources
-
CVE-2021-44792 CVE record
CVE.org
-
CVE-2021-44792 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
2022-01-27