{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T15:53:46.387","vulnerabilities":[{"cve":{"id":"CVE-2021-32521","sourceIdentifier":"twcert@cert.org.tw","published":"2021-07-07T14:15:11.143","lastModified":"2024-11-21T06:07:11.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document."},{"lang":"es","value":"El uso de la dirección MAC como contraseña autentificada en QSAN Storage Manager, XEVO, SANOS permite a los atacantes locales escalar privilegios. Se sugiere contactar con QSAN y consultar las recomendaciones del documento de QSAN"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-259"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.0","matchCriteriaId":"8E6A6A45-8986-4A14-A493-4E3EE03D7996"},{"vulnerable":true,"criteria":"cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.1","matchCriteriaId":"3CE2A478-5140-4734-B1BA-0AB2741ADBB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:qsan:xevo:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.0","matchCriteriaId":"8E07217C-F1F9-473A-9068-D1530EA30D21"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}