Advantech WebAccess/NMS Improper Authentication

CVE-2021-32951

5.3MEDIUM

Key Information

Vendor
Advantech
Status
Webaccess/nms
Vendor
CVE Published:
27 October 2021

Summary

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

Affected Version(s)

WebAccess/NMS < Versions

Refferences

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Selim Enes Karaduman (@Enesdex), working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.
.