PatchSiren cyber security CVE debrief

CVE-2021-44793 Krontech CVE debrief

A missing authorization check in Krontech Single Connect's sc-reports-ui module allows unauthenticated remote attackers to access device configuration pages and export sensitive data, including database credentials. The vulnerability was disclosed in January 2022 and affects versions prior to 2.16.

Vendor
Krontech
Product
Single Connect
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2022-01-27
Original CVE updated
2026-05-18
Advisory published
2022-01-27
Advisory updated
2026-05-18

Who should care

Organizations running Krontech Single Connect for privileged access management; security teams monitoring for unauthorized configuration access; database administrators responsible for credential security and privilege separation.

Technical summary

The sc-reports-ui module in Krontech Single Connect fails to enforce authorization checks on requests to access the device configuration page. An unauthenticated remote attacker can directly access this functionality and export configuration data to an external file. The exported data contains database credentials; the database operates with elevated privileges, enabling command execution through credential misuse. The vulnerability is classified as CWE-862 (Missing Authorization) with a CVSS 3.1 score of 8.6 (High severity).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Krontech Single Connect to version 2.16 or later to remediate the missing authorization check in the sc-reports-ui module.
  • Restrict network access to Single Connect administrative interfaces to trusted administrative hosts only.
  • Monitor for unauthorized access attempts to /sc-reports-ui/ paths and configuration export endpoints.
  • Audit database credential rotation if compromise is suspected, as the vulnerability exposes credentials that could enable command execution via the privileged database account.
  • Review application logs for unexpected configuration exports or data exfiltration activity predating 2022-01-27.
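The monitoring action above can be turned into a concrete log check. The following is an added example, not code from PatchSiren or Krontech: it scans web-server access logs in Apache combined format for successful requests to /sc-reports-ui/ paths that carry no authenticated user, which is the observable symptom of the missing check. The log lines are constructed, and using the authuser field as the authentication marker is an assumption; adapt the marker to whatever your reverse proxy or WAF actually records (for example a session cookie).

```python
import re

# Constructed sample log (Apache combined format); not from any real deployment.
# The authuser field ("-" vs a username) stands in for the session evidence your
# proxy or WAF records; legitimate admin traffic and static assets are mixed in.
SAMPLE_LOG = """\
10.0.0.5 - admin [27/Jan/2022:10:01:02 +0000] "GET /sc-reports-ui/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2022:10:02:15 +0000] "GET /sc-reports-ui/config HTTP/1.1" 200 18234 "-" "curl/7.79.1"
203.0.113.7 - - [27/Jan/2022:10:02:20 +0000] "POST /sc-reports-ui/export HTTP/1.1" 200 40211 "-" "curl/7.79.1"
10.0.0.8 - - [27/Jan/2022:10:03:00 +0000] "GET /static/logo.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - admin [27/Jan/2022:10:04:10 +0000] "POST /sc-reports-ui/export HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def is_report_ui(path):
    """True for any path under the affected sc-reports-ui module."""
    return path.lower().startswith("/sc-reports-ui/")

def find_suspicious(log_text):
    """Return (ip, path, kind) for successful sc-reports-ui requests with no user.

    kind is "export" when the path looks like a configuration export (the
    high-impact case, since the export contains database credentials), else
    "access". Authenticated requests and other paths are ignored.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_report_ui(rec["path"]):
            continue
        # A 200 served to an unauthenticated client on this module is the
        # missing-authorization symptom; a 401/403 means the check held.
        if rec["user"] == "-" and rec["status"] == 200:
            kind = "export" if "export" in rec["path"].lower() else "access"
            findings.append((rec["ip"], rec["path"], kind))
    return findings

if __name__ == "__main__":
    for ip, path, kind in find_suspicious(SAMPLE_LOG):
        print(f"[{kind}] unauthenticated request from {ip} to {path}")
```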

Evidence notes

Official disclosure from the Turkish National Cyber Security Incident Response Center (USOM) via NVD. The CVSS 3.1 vector confirms a network attack vector with no privileges required. The CPE criteria specify the affected product as Krontech Single Connect versions before 2.16.

Official resources

2022-01-27