CVE-2021-32521

HIGH

QSAN Storage Manager, XEVO, SANOS - Privilege Escalation

Title source: llm

Description

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

References (1)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html

Scores

CVSS v3 7.3

EPSS 0.0030

EPSS Percentile 52.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-259 CWE-798

Status published

Products (3)

qsan/sanos < 2.0.0

qsan/storage_manager < 3.3.1

qsan/xevo < 1.2.0

Published Jul 07, 2021

Tracked Since Feb 18, 2026