History: May 23, 2022 - 7:34 p.m.

CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel

2022-05-23 19:34:55
CWE-288
icscert
www.cve.org

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 0.4%

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI, an attacker can access assets managed by the SRA installation and could compromise the installation.

CNA Affected

[
  {
    "product": "Secure Remote Access (SRA) Site",
    "vendor": "Claroty",
    "versions": [
      {
        "status": "affected",
        "version": "versions 3.0 through 3.2"
      }
    ]
  }
]
