Vulnerability Description
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Starwind | Command Center | 6864 |
| Starwind | San\&Nas | 1578 |
Related Weaknesses (CWE)
References
- https://www.starwindsoftware.com/security/sw-20211215-0001/
- https://www.starwindsoftware.com/security/sw-20211512-0001/Vendor Advisory
- https://www.starwindsoftware.com/security/sw-20211215-0001/
- https://www.starwindsoftware.com/security/sw-20211512-0001/Vendor Advisory
FAQ
What is CVE-2021-45389?
CVE-2021-45389 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN ...
How severe is CVE-2021-45389?
CVE-2021-45389 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-45389?
Check the references section above for vendor advisories and patch information. Affected products include: Starwind Command Center, Starwind San\&Nas.