CVE-2021-32958

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-06 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:claroty:secure_remote_access:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-05-23 20:16

Updated : 2024-02-28 19:09


NVD link : CVE-2021-32958

Mitre link : CVE-2021-32958

CVE.ORG link : CVE-2021-32958


JSON object : View

Products Affected

claroty

  • secure_remote_access
CWE
NVD-CWE-noinfo CWE-288

Authentication Bypass Using an Alternate Path or Channel