Overview
- Description
- Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:univerge_sv9500_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19883A23-C24E-4087-84FF-F888183DAC70",
"versionEndIncluding": "v7",
"versionStartIncluding": "v1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:univerge_sv9500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0B741705-682F-4B46-879F-3F88116748CD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:univerge_sv8500_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DE68839-328E-4C02-8DB4-558AFAE82685",
"versionEndIncluding": "s8",
"versionStartIncluding": "s6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:univerge_sv8500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C856762B-81AA-4718-A8CF-A42E865EA751"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]