CVE-2021-45389

StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allow authentication with a JWT token that is signed with any key. An attacker could use a self-signed JWT token to bypass authentication, resulting in escalation of privileges.
Configurations

Configuration 1

OR cpe:2.3:a:starwind:command_center:6864:*:*:*:*:*:*:*
cpe:2.3:a:starwind:san\&nas:1578:*:*:*:*:*:*:*

History

14 Jan 2022, 20:57

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Starwind; Starwind san\&nas; Starwind command Center |
| References | (MISC) https://www.starwindsoftware.com/security/sw-20211512-0001/ - | (MISC) https://www.starwindsoftware.com/security/sw-20211512-0001/ - Vendor Advisory |
| CWE | | CWE-269 |
| CPE | | cpe:2.3:a:starwind:san\&nas:1578:*:*:*:*:*:*:*; cpe:2.3:a:starwind:command_center:6864:*:*:*:*:*:*:* |
| CVSS | v2 : unknown; v3 : unknown | v2 : 7.5; v3 : 9.8 |

04 Jan 2022, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2022-01-04 16:15

Updated : 2022-01-14 20:57


NVD link : CVE-2021-45389

Mitre link : CVE-2021-45389


Products Affected

starwind

  • san\&nas
  • command_center
CWE
CWE-269

Improper Privilege Management