- Description
- Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
- Source
- vultures@jpcert.or.jp
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:univerge_sv9500_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19883A23-C24E-4087-84FF-F888183DAC70",
"versionEndIncluding": "v7",
"versionStartIncluding": "v1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:univerge_sv9500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0B741705-682F-4B46-879F-3F88116748CD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:univerge_sv8500_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DE68839-328E-4C02-8DB4-558AFAE82685",
"versionEndIncluding": "s8",
"versionStartIncluding": "s6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:univerge_sv8500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C856762B-81AA-4718-A8CF-A42E865EA751"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]