CVE-2021-32453 MEDIUM

CVE-2021-32453: SITEL CAP/PRX information exposure

Vendor Sitel
Product CAP/PRX
Weakness CWE-306 · Missing auth
Published May 17, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.

Key dates

02Disclosure timeline

May 17, 2021 CVE published
September 16, 2024 Record updated