{"api_version":"1","generated_at":"2026-04-22T23:31:20+00:00","cve":"CVE-2021-4477","urls":{"html":"https://cve.report/CVE-2021-4477","api":"https://cve.report/api/cve/CVE-2021-4477.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-4477","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-4477"},"summary":{"title":"Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass","description":"Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.","state":"PUBLISHED","assigner":"VulnCheck","published_at":"2026-04-03 23:17:01","updated_at":"2026-04-07 13:20:55"},"problem_types":["CWE-284","CWE-284 CWE-284  Improper access control"],"metrics":[{"version":"4.0","source":"disclosure@vulncheck.com","type":"Secondary","score":"9.3","severity":"CRITICAL","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"9.3","severity":"CRITICAL","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"disclosure@vulncheck.com","type":"Primary","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass","name":"https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass","refsource":"disclosure@vulncheck.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf","name":"https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf","refsource":"disclosure@vulncheck.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-4477","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4477","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 3.80-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 8.90-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.00-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.00-RU1 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.10-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU1 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU2 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU3 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU4 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU5 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU6 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU7 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU8 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.12-RU9 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.13-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 9.13-RU1 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 10.12-REL custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"affected 10.12-RU1 custom","platforms":[]},{"source":"CNA","vendor":"Belden","product":"Hirschmann HiLCOS OpenBAT","version":"unaffected 10.12-RU2 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2021","cve_id":"4477","cve":"CVE-2021-4477","epss":"0.000060000","percentile":"0.002840000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2021-4477","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-06T13:16:56.315497Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-06T13:17:07.744Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Hirschmann HiLCOS OpenBAT","vendor":"Belden","versions":[{"status":"affected","version":"3.80-REL","versionType":"custom"},{"status":"affected","version":"8.90-REL","versionType":"custom"},{"status":"affected","version":"9.00-REL","versionType":"custom"},{"status":"affected","version":"9.00-RU1","versionType":"custom"},{"status":"affected","version":"9.10-REL","versionType":"custom"},{"status":"affected","version":"9.12-REL","versionType":"custom"},{"status":"affected","version":"9.12-RU1","versionType":"custom"},{"status":"affected","version":"9.12-RU2","versionType":"custom"},{"status":"affected","version":"9.12-RU3","versionType":"custom"},{"status":"affected","version":"9.12-RU4","versionType":"custom"},{"status":"affected","version":"9.12-RU5","versionType":"custom"},{"status":"affected","version":"9.12-RU6","versionType":"custom"},{"status":"affected","version":"9.12-RU7","versionType":"custom"},{"status":"affected","version":"9.12-RU8","versionType":"custom"},{"status":"affected","version":"9.12-RU9","versionType":"custom"},{"status":"affected","version":"9.13-REL","versionType":"custom"},{"status":"affected","version":"9.13-RU1","versionType":"custom"},{"status":"affected","version":"10.12-REL","versionType":"custom"},{"status":"affected","version":"10.12-RU1","versionType":"custom"},{"status":"unaffected","version":"10.12-RU2","versionType":"custom"}]}],"datePublic":"2021-01-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284  Improper access control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-03T22:37:45.879Z","orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck"},"references":[{"tags":["vendor-advisory"],"url":"https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf"},{"url":"https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass"}],"source":{"discovery":"EXTERNAL"},"title":"Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass"}},"cveMetadata":{"assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","assignerShortName":"VulnCheck","cveId":"CVE-2021-4477","datePublished":"2026-04-03T22:37:45.879Z","dateReserved":"2026-04-03T16:46:37.018Z","dateUpdated":"2026-04-06T13:17:07.744Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-03 23:17:01","lastModifiedDate":"2026-04-07 13:20:55","problem_types":["CWE-284","CWE-284 CWE-284  Improper access control"],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"4477","Ordinal":"1","Title":"Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass","CVE":"CVE-2021-4477","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"4477","Ordinal":"1","NoteData":"Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.","Type":"Description","Title":"Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass"}]}}}