CVE-2021-32004

This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory/#4578	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*

History

24 Nov 2021, 02:14

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 5.3
CPE		cpe:2.3:o:secomea:gatemanager_8250_firmware:::::::: cpe:2.3:h:secomea:gatemanager_8250:-:::::::*
References	~~(MISC) https://www.secomea.com/support/cybersecurity-advisory/#4578 -~~	(MISC) https://www.secomea.com/support/cybersecurity-advisory/#4578 - Vendor Advisory

22 Nov 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-22 21:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-32004

Mitre link : CVE-2021-32004

CVE.ORG link : CVE-2021-32004

JSON object : View

Products Affected

secomea

gatemanager_8250_firmware
gatemanager_8250

CWE

NVD-CWE-Other CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

{"id": "CVE-2021-32004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2021-11-22T21:15:07.307", "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/#4578", "tags": ["Vendor Advisory"], "source": "VulnerabilityReporting@secomea.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "description": [{"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."}, {"lang": "es", "value": "Este problema afecta a: Secomea GateManager Todas las versiones anteriores a 9.6. Una comprobaci\u00f3n inapropiada del encabezado del host en el servidor web de Secomea GateManager permite a un atacante causar el envenenamiento de la cach\u00e9 del navegador"}], "lastModified": "2021-11-24T02:14:30.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A50BEA63-7DF7-4D09-8D0A-BE7A8EC856E1", "versionEndExcluding": "9.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com"}