CVE-2021-32002 - OpenCVE

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Secomea	Sitemanager Sitemanager Firmware

Configuration 1 [-]

AND

cpe:2.3:o:secomea:sitemanager_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:secomea:sitemanager:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Secomea

Published: 2021-08-05T20:33:27

Updated: 2021-08-05T20:33:27

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32002

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-05T21:15:11.970

Modified: 2022-07-02T20:33:44.267

Link: CVE-2021-32002

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"platforms": ["Hardware"], "product": "SiteManager", "vendor": "Secomea", "versions": [{"lessThan": "9.5", "status": "affected", "version": "All", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-05T20:33:27", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.secomea.com/support/cybersecurity-advisory"}], "source": {"defect": ["RD-3776"], "discovery": "INTERNAL"}, "title": "SiteManager troubleshooter allows access without authentication from local network ", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32002", "STATE": "PUBLIC", "TITLE": "SiteManager troubleshooter allows access without authentication from local network "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SiteManager", "version": {"version_data": [{"platform": "Hardware", "version_affected": "<", "version_name": "All", "version_value": "9.5"}]}}]}, "vendor_name": "Secomea"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}, {"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://www.secomea.com/support/cybersecurity-advisory", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory"}]}, "source": {"defect": ["RD-3776"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2021-32002", "datePublished": "2021-08-05T20:33:27", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2021-08-05T20:33:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:secomea:sitemanager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1C871A-C158-49A3-B912-14615562068D", "versionEndExcluding": "9.5.621256022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:secomea:sitemanager:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE66B6-F0A6-4172-8795-48A6DF6A61E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiado en el servicio web de Secomea SiteManager permite a un atacante local sin credenciales recopilar informaci\u00f3n de red y configuraci\u00f3n del SiteManager. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware"}], "id": "CVE-2021-32002", "lastModified": "2022-07-02T20:33:44.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}, "published": "2021-08-05T21:15:11.970", "references": [{"source": "VulnerabilityReporting@secomea.com", "tags": ["Vendor Advisory"], "url": "https://www.secomea.com/support/cybersecurity-advisory"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}