{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CAP/PRX","vendor":"SITEL","versions":[{"status":"affected","version":"5.2.01"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher."}],"datePublic":"2021-05-12T22:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration."}],"value":"SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2023-11-09T15:45:36.788Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}],"value":"The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}],"source":{"advisory":"INCIBE-2021-0178","discovery":"EXTERNAL"},"title":"SITEL CAP/PRX information exposure","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve-coordination@incibe.es","DATE_PUBLIC":"2021-05-13T10:00:00.000Z","ID":"CVE-2021-32453","STATE":"PUBLIC","TITLE":"SITEL CAP/PRX information exposure"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"CAP/PRX","version":{"version_data":[{"version_affected":"=","version_name":"5.2.01","version_value":"5.2.01"}]}}]},"vendor_name":"SITEL"}]}},"credit":[{"lang":"eng","value":"Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 Information Exposure"}]}]},"references":{"reference_data":[{"name":"https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure","refsource":"CONFIRM","url":"https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure"}]},"solution":[{"lang":"en","value":"The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}],"source":{"advisory":"INCIBE-2021-0178","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:17:29.549Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"}]}]},"cveMetadata":{"assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","assignerShortName":"INCIBE","cveId":"CVE-2021-32453","datePublished":"2021-05-17T16:43:20.931Z","dateReserved":"2021-05-07T00:00:00.000Z","dateUpdated":"2024-09-16T17:03:17.777Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}