CVE-2021-4477
Received Received - Intake
Firewall Bypass in Hirschmann HiLCOS IPv6 IPsec VPN Connections

Publication date: 2026-04-03

Last updated on: 2026-04-03

Assigner: VulnCheck

Description
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2021-4477
EUVD
EUVD-2021-34774
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
hirschmann hilcos to 10.12-ru2 (exc)
hirschmann hilcos 10.12-ru2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Hirschmann HiLCOS OpenBAT and BAT450 products and involves a firewall bypass in IPv6 IPsec deployments. Specifically, it allows traffic from VPN connections to bypass the configured firewall rules. Attackers can exploit this by establishing IPv6 IPsec connections (using IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection, which enables them to circumvent the firewall's policy enforcement.

Impact Analysis

The impact of this vulnerability is significant because it allows unauthorized traffic to bypass firewall protections, potentially exposing internal networks to malicious activity. Since the vulnerability has a high CVSS score (9.1 in v3.1 and 9.3 in v4.0), it indicates that attackers can remotely exploit it without privileges or user interaction, leading to high confidentiality and integrity impacts. This could result in unauthorized access to sensitive data or systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-4477. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart