Lucene search

Japan Vulnerability NotesJVN:34364599

HistoryJul 14, 2021 - 12:00 a.m.

JVN#34364599: Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery

2021-07-1400:00:00

Japan Vulnerability Notes

jvn.jp

optical bb unit

e-wmta2.3

cross-site request forgery

firmware update

softbank

cwe-352

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.8%

JSON

Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability (CWE-352).

Impact

If a user views a malicious page while logged in, unintended operations may be performed.

Solution

Update the firmware
According to the developer, the fixed firmware for this vulnerability has been released in December 2020, and the update is applied automatically.

Products Affected

Optical BB unit E-WMTA2.3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.8%

JSON

Related for JVN:34364599