CVE-2021-31399 in Access Unitinfo

Summary

by MITRE • 08/13/2021

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/30/2025

The vulnerability identified as CVE-2021-31399 affects 2N Access Unit 2.0 2.31.0.40.5 devices, representing a significant security flaw in physical access control systems. This weakness enables unauthorized actors to execute man-in-the-middle attacks by impersonating the web relay component, thereby compromising the integrity and confidentiality of communication between access control devices and management systems. The affected devices operate within industrial and enterprise environments where physical security is paramount, making this vulnerability particularly concerning for organizations relying on secure access control infrastructure.

The technical root cause of this vulnerability stems from inadequate authentication mechanisms and weak cryptographic implementations within the web relay functionality of these access units. The flaw allows attackers to intercept and manipulate communication streams without proper verification of the communicating parties, effectively breaking the trust model that should exist between access control components. This vulnerability specifically impacts the device's ability to establish secure connections and validate the authenticity of network communications, creating an opening for malicious actors to gain unauthorized access to physical security systems.

The operational impact of CVE-2021-31399 extends beyond simple network interception, as it enables attackers to potentially gain unauthorized physical access to secured facilities. An attacker exploiting this vulnerability could manipulate access control decisions, grant themselves or others unauthorized entry privileges, or disrupt normal access operations. The implications are particularly severe in environments where the access control system manages critical infrastructure, data centers, or sensitive facilities where unauthorized physical access could result in significant financial loss, data breaches, or safety risks. This vulnerability essentially undermines the fundamental security assumptions of the access control system.

Organizations should implement immediate mitigations including network segmentation to isolate access control systems from general network traffic, deployment of network monitoring tools to detect anomalous communication patterns, and verification of device firmware updates from 2N to address the vulnerability. The weakness aligns with CWE-300, which addresses "Channel Attack" vulnerabilities, and maps to ATT&CK technique T1071.004 for application layer protocol: DNS, where attackers can manipulate network communications to achieve unauthorized access. Additionally, this vulnerability demonstrates characteristics of MITRE ATT&CK tactic TA0006 (Credential Access) and TA0008 (Lateral Movement) as attackers can leverage the compromised access control system to move laterally within networks or escalate privileges. System administrators should also consider implementing network intrusion detection systems and regularly auditing access control logs to identify potential exploitation attempts.

Responsible

MITRE

Reservation

04/15/2021

Disclosure

08/13/2021

Moderation

accepted

CPE

ready

EPSS

0.00850

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!