CVE-2021-32535

{"id": "CVE-2021-32535", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-07-07T14:15:12.100", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-4892-768d9-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator\u2019s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0."}, {"lang": "es", "value": "La vulnerabilidad de las credenciales predeterminadas codificadas en QSAN SANOS permite a los atacantes remotos no autentificados obtener el permiso del administrador y ejecutar funciones arbitrarias. La referida vulnerabilidad ha sido resuelta con la versi\u00f3n actualizada de QSAN SANOS versi\u00f3n v2.1.0"}], "lastModified": "2021-09-20T12:37:23.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85D922DA-3B01-496D-8362-1E0745AEA2BC", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}