Skip to main content

Webaccess Nms CVE-2021-32951

MEDIUM
Improper Authentication (CWE-287)
2021-10-27 ics-cert@hq.dhs.gov
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 27, 2021 - 01:15 nvd
MEDIUM 5.3

DescriptionNVD

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

AnalysisAI

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. Affected products include: Advantech Webaccess\/Nms.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2020-10631 CRITICAL
9.8 Apr 09

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0

CVE-2020-10625 CRITICAL
9.8 Apr 09

WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. Rated criti

CVE-2020-10621 CRITICAL
9.8 Apr 09

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Rated

CVE-2018-8845 CRITICAL
9.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2018-7505 CRITICAL
9.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2018-7499 CRITICAL
9.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2018-7497 CRITICAL
9.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2018-10589 CRITICAL
9.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2020-10619 CRITICAL
9.1 Apr 09

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) cont

CVE-2020-10603 HIGH
8.8 Apr 09

WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system

CVE-2018-8841 HIGH
7.8 May 15

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio

CVE-2020-10629 HIGH
7.5 Apr 09

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Rated high severity (CVSS 7.5), this vulnerability

Share

CVE-2021-32951 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy