Advantech WebAccess/NMS Improper Authentication

CVE-2021-32951

5.3MEDIUM

Key Information

Vendor: Advantech
Status: Webaccess/nms
Vendor: CVE Published:; 27 October 2021

Summary

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

Affected Version(s)

WebAccess/NMS < Versions

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 27, 2021
Vulnerability Reserved.
May 13, 2021

Collectors

NVD DatabaseMitre Database

Credit

Selim Enes Karaduman (@Enesdex), working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.