CVE-2021-45389
First published: Tue Jan 04 2022(Updated: )
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| StarWind Command Center | =6864 | |
| StarWind SAN & NAS | =1578 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-45389?
CVE-2021-45389 is considered a critical security vulnerability due to its potential for privilege escalation.
What systems are affected by CVE-2021-45389?
CVE-2021-45389 affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
How do I fix CVE-2021-45389?
To fix CVE-2021-45389, update your StarWind SAN and NAS to version 1579 or StarWind Command Center to version 6865.
What type of vulnerability is CVE-2021-45389?
CVE-2021-45389 is a JWT token injection vulnerability that allows unauthorized privilege escalation.
Can CVE-2021-45389 be exploited remotely?
Yes, CVE-2021-45389 can be exploited remotely if an attacker injects a self-signed JWT token.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/starwind
- canonical/starwind command center
- version/starwind command center/6864
- canonical/starwind san & nas
- version/starwind san & nas/1578