CVE-2021-4477
Firewall Bypass in Hirschmann HiLCOS IPv6 IPsec VPN Connections
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hilcos | to 10.12-ru2 (exc) |
| hirschmann | hilcos | 10.12-ru2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Hirschmann HiLCOS OpenBAT and BAT450 products and involves a firewall bypass in IPv6 IPsec deployments. Specifically, it allows traffic from VPN connections to bypass the configured firewall rules. Attackers can exploit this by establishing IPv6 IPsec connections (using IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection, which enables them to circumvent the firewall's policy enforcement.
How can this vulnerability impact me?
The impact of this vulnerability is significant because it allows unauthorized traffic to bypass firewall protections, potentially exposing internal networks to malicious activity. The vulnerability has a high CVSS score (9.1 in v3.1 and 9.3 in v4.0), which indicates that attackers can exploit it remotely without privileges or user interaction, with high confidentiality and integrity impacts. This could result in unauthorized access to sensitive data or systems.