Is SMG-SP affected by CVE-2021-29921

book

Article ID: 221880

calendar_today

Updated On:

Products

Messaging Gateway for Service Providers

Issue/Introduction

CVE-2021-29921

Description
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Environment

Release : 10.6

Resolution

Messaging Gateway for Service Providers (SMG-SP) is not affected by this vulnerability. 

The SMG-SP product does not use python for any of it's operations. Neither does SMG-SP rely in any way on the "system python" of the servers it is installed on.