CVE-2021-32521

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:xevo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html - Third Party Advisory
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 7.3

22 Jul 2021, 11:15

Type Values Removed Values Added
Summary Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

10 Jul 2021, 03:32

Type Values Removed Values Added
References (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html - (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html - Third Party Advisory
CWE CWE-798
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:qsan:xevo:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*

07 Jul 2021, 15:08

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-07 14:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32521

Mitre link : CVE-2021-32521

CVE.ORG link : CVE-2021-32521


JSON object : View

Products Affected

qsan

  • storage_manager
  • xevo
  • sanos
CWE
CWE-259

Use of Hard-coded Password

CWE-798

Use of Hard-coded Credentials