CVE-2021-32521

EPSS 0.3%
Veröffentlicht 07.07.2021 14:15:11
Zuletzt bearbeitet 21.11.2024 06:07:11
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qsan ≫ Sanos Version <= 2.0.0

Qsan ≫ Storage Manager Version <= 3.3.1

Qsan ≫ Xevo Version < 1.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.524

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
twcert@cert.org.tw	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32521

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32521