
JVN#82074338: Multiple vulnerabilities in NEC Aterm series

Published: 2024-04-05 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)

AI Score: 8.6 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

The Aterm series provided by NEC Corporation contains the multiple vulnerabilities listed below.

  • Incorrect Permission Assignment for Critical Resource (CWE-732): CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 8.0, CVE-2024-28005
  • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, Base Score 6.5, CVE-2024-28006
  • Incorrect Permission Assignment for Critical Resource (CWE-732): CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 8.0, CVE-2024-28007
  • Active Debug Code (CWE-489): CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 8.0, CVE-2024-28008
  • Use of Weak Credentials (CWE-1391): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, Base Score 6.5, CVE-2024-28009, CVE-2024-28012
  • Use of Hard-coded Credentials (CWE-798): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, Base Score 6.5, CVE-2024-28010
  • Inclusion of Undocumented Features (CWE-1242): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, Base Score 4.3, CVE-2024-28011
  • Insufficient Session Expiration (CWE-613): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 4.3, CVE-2024-28013
  • Buffer Overflow (CWE-120): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8, CVE-2024-28014
  • OS Command Injection in the web management console (CWE-78): CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, Base Score 6.8, CVE-2024-28015
  • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, Base Score 4.3, CVE-2024-28016

Impact

  • If a user logs in to the product through the telnet service and alters the device configuration, a shell may be executed with root privileges (CVE-2024-28005)
  • An unauthenticated attacker may obtain sensitive information (CVE-2024-28006)
  • If a user enables the telnet service and logs in, a shell may be executed with root privileges (CVE-2024-28007)
  • If a user logs in to the product through the telnet service, the debug function may be used (CVE-2024-28008)
  • An unauthenticated attacker may guess the ID and password, and log in to the telnet service (CVE-2024-28009, CVE-2024-28010, CVE-2024-28012)
  • An unauthenticated attacker may access the telnet service without limitation (CVE-2024-28011)
  • An attacker may alter the device settings without logging in (CVE-2024-28013)
  • An unauthenticated attacker may execute arbitrary code (CVE-2024-28014)
  • A logged-in user may execute an arbitrary command through the device’s management page (CVE-2024-28015)
  • An unauthenticated attacker may obtain information such as model numbers (CVE-2024-28016)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the Workaround
The developer also recommends users apply the workaround.

Stop using the products
Some affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

For more information, refer to the information provided by the developer.

Products Affected

All versions of the following Aterm series products are affected by the vulnerabilities.

  • CR2500P
  • MR01LN
  • MR02LN
  • W300P
  • W1200EX(-MS)
  • WF300HP
  • WF300HP2
  • WF800HP
  • WF1200HP
  • WF1200HP2
  • WG300HP
  • WG600HP
  • WG1200HP
  • WG1200HP2
  • WG1200HP3
  • WG1200HS
  • WG1200HS2
  • WG1200HS3
  • WG1400HP
  • WG1800HP
  • WG1800HP2
  • WG1800HP3
  • WG1800HP4
  • WG1810HP(JE)
  • WG1810HP(MF)
  • WG1900HP
  • WG1900HP2
  • WG2200HP
  • WM3400RN
  • WM3450RN
  • WM3500R
  • WM3600R
  • WM3800R
  • WR1200H
  • WR4100N
  • WR4500N
  • WR6600H
  • WR6650S
  • WR6670S
  • WR7800H
  • WR7850S
  • WR7870S
  • WR8100N
  • WR8150N
  • WR8160N
  • WR8165N
  • WR8166N
  • WR8170N
  • WR8175N
  • WR8200N
  • WR8300N
  • WR8370N
  • WR8400N
  • WR8500N
  • WR8600N
  • WR8700N
  • WR8750N
  • WR9300N
  • WR9500N
