Vulnerabilities > CVE-2021-32958 - Unspecified vulnerability in Claroty Secure Remote Access

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

claroty

NVD

Published: 2022-05-23

Updated: 2022-06-07

Summary

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.

Vulnerable Configurations

Part	Description	Count
Application	Claroty Claroty Secure Remote Access *	1

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-06