CVE-2021-32958 MEDIUM

CVE-2021-32958: Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel

Vendor: Claroty
Product: Secure Remote Access (SRA) Site
Weakness: CWE-288
Published: May 23, 2022
Last update: April 16, 2025

CVSS base score

5.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI, an attacker can access assets managed by the SRA installation and could compromise the installation.

Key dates

02 Disclosure timeline

May 23, 2022: CVE published
April 16, 2025: Record updated