CVE-2021-37190

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

ADJACENT_NETWORK

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

4.3

VectorString

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

3.3

VectorString

AV:A/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

ADJACENT_NETWORK

Authentication

NONE