Lucene search

[email protected]NVD:CVE-2021-32523

HistoryJul 07, 2021 - 2:15 p.m.

CVE-2021-32523

2021-07-0714:15:11

CWE-285

[email protected]

web.nvd.nist.gov

qsan storage manager

improper authorization

remote users

access control

arbitrary commands

qsan document

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.5%

JSON

Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

Affected configurations

Nvd

Node

qsanstorage_managerRange≤3.3.1

VendorProductVersionCPE
qsanstorage_manager*cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qsan	storage_manager	*	cpe:2.3:a:qsan:storage_manager::::::::

References

www.twcert.org.tw/tw/cp-132-4879-01616-1.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.5%

JSON

Related for NVD:CVE-2021-32523

cve1 prion1 cvelist1