9.8
CVE-2021-32520
- EPSS 1.03%
- Veröffentlicht 07.07.2021 14:15:11
- Zuletzt bearbeitet 21.11.2024 06:07:11
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginQSAN Storage Manager - Use of Hard-coded Cryptographic Key
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qsan ≫ Storage Manager Version <= 3.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.592 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.twcert.org.tw/tw/cp-132-4876-8da07-1.html