CVE-2021-32453

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sitel-sa:cap\/prx_firmware:5.2.01:*:*:*:*:*:*:*

cpe:2.3:h:sitel-sa:cap\/prx:-:*:*:*:*:*:*:*

History

04 Aug 2022, 15:46

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-306

24 May 2021, 16:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 3.3
References	~~(CONFIRM) https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure -~~	(CONFIRM) https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure - Third Party Advisory
CWE		CWE-200
CPE		cpe:2.3:o:sitel-sa:cap\/prx_firmware:5.2.01:::::::* cpe:2.3:h:sitel-sa:cap\/prx:-:::::::*

Information

Published : 2021-05-17 17:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-32453

Mitre link : CVE-2021-32453

CVE.ORG link : CVE-2021-32453

JSON object : View

Products Affected

sitel-sa

cap\/prx_firmware
cap\/prx

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2021-32453", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-05-17T17:15:08.647", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."}, {"lang": "es", "value": "SITEL CAP/PRX versiones del firmware 5.2.01, permite a un atacante con acceso a la red local, acceder por medio de HTTP a la base de datos de configuraci\u00f3n interna del dispositivo sin ninguna autenticaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sobre la configuraci\u00f3n del dispositivo"}], "lastModified": "2023-11-09T16:15:33.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sitel-sa:cap\\/prx_firmware:5.2.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68BAF579-93DD-4CC3-AA6D-B96020C3F02B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sitel-sa:cap\\/prx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B5B8AD2-407A-4663-8422-B27769EFC0C6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}