CVE-2021-32453

SITEL CAP/PRX information exposure

CVSS 6.5 MEDIUMEPSS 0.2%CWE-306

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 May 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

SITEL · CAP/PRX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure