CVE-2021-32951 Advantech WebAccess/NMS Improper Authentication

2021-10-2700:54:22

CWE-287

icscert

www.cve.org

advantech

webaccess

nms

authentication

vulnerability

unauthorized users

resource viewing

ip addresses

device management

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

78.5%

JSON

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

CNA Affected

[
  {
    "product": "WebAccess/NMS",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThan": "v3.0.3_Build6299",
        "status": "affected",
        "version": "Versions",
        "versionType": "custom"
      }
    ]
  }
]