CVE-2022-24551: Critical severity StarWind Software NAS vulnerability
Published Feb 6, 2022
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user's password (including the system/administrator user) using any available user. This affects StarWind SAN and NAS v0.2 build 1633.
Affected Software
2 affected components
StarWind Software NAS < 0.2
StarWind Software SAN < 0.2
Event History
Feb 6, 2022
CVE Published via MITRE · 08:18 PM
Data Sourced via MITRE · 08:18 PM
Frequently Asked Questions
1. What is the vulnerability ID for this flaw in StarWind Stack?
The vulnerability ID is CVE-2022-24551.
2. What is the severity rating of CVE-2022-24551?
The severity rating for CVE-2022-24551 is critical with a score of 8.8.
3. What is affected by CVE-2022-24551?
This vulnerability affects StarWind SAN and NAS v0.2 build 1633.
4. What is the CWE (Common Weakness Enumeration) category of CVE-2022-24551?
The CWE category for CVE-2022-24551 is CWE-287.
5. How can the vulnerability be exploited?
An attacker could reset any local user password (including system/administrator user) using any available user.