Overview
- Description
- A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:starwind:command_center:6864:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52984893-7758-4C6E-A574-5B5D1780A97F"
},
{
"criteria": "cpe:2.3:a:starwind:san\\&nas:1578:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EA37C0F-A623-436E-A134-4A019A783429"
}
],
"operator": "OR"
}
]
}
]