Vulnerabilities > CVE-2021-32522 - Improper Restriction of Excessive Authentication Attempts vulnerability in Qsan Sanos, Storage Manager and Xevo

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
qsan
CWE-307
critical

Summary

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

Vulnerable Configurations

Part Description Count
Application
Qsan
5