CVE-2021-32519
Last modified
CVE-2021-32519 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qsan | Sanos | < 2.1.0 |
| Qsan | Storage Manager | < 3.3.2 |
| Qsan | Xevo | < 2.1.0 |
References
- https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32519?
How severe is CVE-2021-32519?
How do I fix CVE-2021-32519?
Are you affected by CVE-2021-32519?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST