CVE-2021-32523

QSAN Storage Manager - Improper Authorization

CVSS 9.1 CRITICAL · EPSS 1.5% · CWE-285
In short

QSAN Storage Manager has a flaw that allows privileged remote users to bypass security controls and run any commands they want on the system. This is dangerous because attackers with admin access could take full control of the storage system.

Technical detail

The vulnerability involves improper authorization checks in QSAN Storage Manager, enabling authenticated privileged users to circumvent access control mechanisms and execute arbitrary commands. The attack vector is network-based and requires prior privileged credentials; the impact includes complete system compromise and unauthorized command execution.

Summary generated and translated by AI from the official description.
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
QSAN · Storage Manager
