CVE-2021-36750

{"id": "CVE-2021-36750", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-12-22T14:15:07.573", "references": [{"url": "https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.encsecurity.com/solutions.php", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names)."}, {"lang": "es", "value": "ENC DataVault antes de la versi\u00f3n 7.2 y VaultAPI v67 manejan mal la derivaci\u00f3n de claves, lo que facilita a los atacantes determinar las contrase\u00f1as de todos los usuarios de DataVault (a trav\u00e9s de las unidades USB vendidas bajo m\u00faltiples marcas)"}], "lastModified": "2022-01-06T14:13:08.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zendesk:enc_datavault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BD39A1E-17CD-4B93-9548-2BA73B32D7C7", "versionEndExcluding": "7.2"}, {"criteria": "cpe:2.3:a:zendesk:enc_vaultapi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CBB52D9-C199-4F92-9635-B193C6687A9F", "versionEndExcluding": "67.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sandisk:secureaccess:3.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91EF6E3E-9C0D-4F1E-99BF-9C0A41E245D0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}