PT-2021-19761 · Qsan · Qsan Sanos
Published
2021-07-07
·
Updated
2021-09-20
·
CVE-2021-32535
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
QSAN SANOS versions prior to 2.1.0
Description:
The issue concerns hard-coded default credentials in QSAN SANOS, allowing unauthenticated remote attackers to obtain administrator's permission and execute arbitrary functions.
Recommendations:
For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider changing the default credentials to custom ones until the update can be applied. Restrict access to the system to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qsan Sanos