CVE-2021-27891: 
SSH Communications Tectia Server vulnerability analysis and mitigation

SSH Tectia Client and Server before version 6.4.19 on Windows systems have weak key generation vulnerability. This issue also affects ConnectSecure when running on Windows. The vulnerability was disclosed on March 15, 2021 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility with low attack complexity. The vulnerability requires low privileges and no user interaction, potentially affecting confidentiality, integrity, and availability (NVD).

The vulnerability affects key generation on Windows systems, potentially compromising the security of generated keys. According to the vendor, exploiting this vulnerability would require resources typically associated with state-level actors (Vendor Advisory).

The vendor recommends upgrading all Tectia Clients and Servers running under Windows to version 6.4.19. Additionally, all user keys generated by Tectia running on Windows should be regenerated, except for those generated in FIPS mode. Host keys generated by Tectia running on Windows should also be considered for regeneration. The recommended timeline for implementing these changes was by June 30, 2021 (Vendor Advisory).