CVE-2022-24551
First published: Sun Feb 06 2022(Updated: )
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Starwindsoftware Nas | <0.2 | |
| Starwindsoftware San | <0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in StarWind Stack?
The vulnerability ID is CVE-2022-24551.
What is the severity rating of CVE-2022-24551?
The severity rating for CVE-2022-24551 is critical with a score of 8.8.
What is affected by CVE-2022-24551?
This vulnerability affects StarWind SAN and NAS v0.2 build 1633.
What is the CWE (Common Weakness Enumeration) category of CVE-2022-24551?
The CWE category for CVE-2022-24551 is CWE-287.
How can the vulnerability be exploited?
An attacker could reset any local user password (including system/administrator user) using any available user.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/starwindsoftware
- canonical/starwindsoftware nas
- canonical/starwindsoftware san