Lucene search

SecomeaCVELIST:CVE-2021-32003

HistoryAug 05, 2021 - 8:33 p.m.

CVE-2021-32003 Configuration service port remains open 10 minutes after reboot even when already provisioned

2021-08-0520:33:30

CWE-523

Secomea

www.cve.org

cve-2021-32003

configuration service

unprotected transport of credentials

sitemanager

provisioning service

local attacker

hardware

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

CNA Affected

[
  {
    "platforms": [
      "Hardware"
    ],
    "product": "SiteManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThan": "9.5",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-32003