Lucene search

INCIBECVELIST:CVE-2021-32454

HistoryMay 17, 2021 - 5:36 p.m.

CVE-2021-32454 SITEL CAP/PRX hardcoded credentials

2021-05-1717:36:30

CWE-798

INCIBE

www.cve.org

sitel

cap/prx

firmware

hardcoded password

vulnerability

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.

CNA Affected

[
  {
    "product": "CAP/PRX",
    "vendor": "SITEL",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.01"
      }
    ]
  }
]

References

www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for CVELIST:CVE-2021-32454