Advantech WebAccess/NMS Improper Authentication
CVE-2021-32951
5.3MEDIUM
Summary
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
Affected Version(s)
WebAccess/NMS < Versions
Refferences
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Selim Enes Karaduman (@Enesdex), working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.