JpcertCVE-2020-5686CVE-2020-5686
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
54.7%
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nec | univerge_sv9500_firmware | * | cpe:2.3:o:nec:univerge_sv9500_firmware:*:*:*:*:*:*:*:* |
| nec | univerge_sv9500 | - | cpe:2.3:h:nec:univerge_sv9500:-:*:*:*:*:*:*:* |
| nec | univerge_sv8500_firmware | * | cpe:2.3:o:nec:univerge_sv8500_firmware:*:*:*:*:*:*:*:* |
| nec | univerge_sv8500 | - | cpe:2.3:h:nec:univerge_sv8500:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "UNIVERGE SV9500/SV8500 series",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "SV9500 series from V1 to V7and SV8500 series from S6 to S8"
}
]
}
]Social References
More
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
54.7%