CVE-2021-32453 - OpenCVE

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sitel-sa	Cap\/prx Cap\/prx Firmware

Configuration 1 [-]

AND

cpe:2.3:h:sitel-sa:cap\/prx:-:*:*:*:*:*:*:*

cpe:2.3:o:sitel-sa:cap\/prx_firmware:5.2.01:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2021-05-17T16:43:20.931715Z

Updated: 2024-09-16T17:03:17.777Z

Reserved: 2021-05-07T00:00:00

Link: CVE-2021-32453

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-17T17:15:08.647

Modified: 2023-11-09T16:15:33.710

Link: CVE-2021-32453

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CAP/PRX", "vendor": "SITEL", "versions": [{"status": "affected", "version": "5.2.01"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."}], "datePublic": "2021-05-12T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."}], "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-11-09T15:45:36.788Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}], "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}], "source": {"advisory": "INCIBE-2021-0178", "discovery": "EXTERNAL"}, "title": "SITEL CAP/PRX information exposure", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-coordination@incibe.es", "DATE_PUBLIC": "2021-05-13T10:00:00.000Z", "ID": "CVE-2021-32453", "STATE": "PUBLIC", "TITLE": "SITEL CAP/PRX information exposure"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAP/PRX", "version": {"version_data": [{"version_affected": "=", "version_name": "5.2.01", "version_value": "5.2.01"}]}}]}, "vendor_name": "SITEL"}]}}, "credit": [{"lang": "eng", "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure", "refsource": "CONFIRM", "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure"}]}, "solution": [{"lang": "en", "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}], "source": {"advisory": "INCIBE-2021-0178", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:29.549Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"}]}]}, "cveMetadata": {"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2021-32453", "datePublished": "2021-05-17T16:43:20.931715Z", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-09-16T17:03:17.777Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sitel-sa:cap\\/prx:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B5B8AD2-407A-4663-8422-B27769EFC0C6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sitel-sa:cap\\/prx_firmware:5.2.01:*:*:*:*:*:*:*", "matchCriteriaId": "68BAF579-93DD-4CC3-AA6D-B96020C3F02B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."}, {"lang": "es", "value": "SITEL CAP/PRX versiones del firmware 5.2.01, permite a un atacante con acceso a la red local, acceder por medio de HTTP a la base de datos de configuraci\u00f3n interna del dispositivo sin ninguna autenticaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sobre la configuraci\u00f3n del dispositivo"}], "id": "CVE-2021-32453", "lastModified": "2023-11-09T16:15:33.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2021-05-17T17:15:08.647", "references": [{"source": "cve-coordination@incibe.es", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}