Lucene search

TwcertCVELIST:CVE-2021-32523

HistoryJul 07, 2021 - 2:12 p.m.

CVE-2021-32523 QSAN Storage Manager - Improper Authorization

2021-07-0714:12:06

CWE-285

twcert

www.cve.org

qsan

storage manager

authorization

vulnerability

remote

access control

arbitrary commands

recommendations

qsan document.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

CNA Affected

[
  {
    "product": "Storage Manager",
    "vendor": "QSAN",
    "versions": [
      {
        "lessThanOrEqual": "3.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4879-01616-1.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

Related for CVELIST:CVE-2021-32523