cvelist/2021/3xxx/CVE-2021-3460.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "ID": "CVE-2021-3460",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MH702x",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "2.0.0.301"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Motorola"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-295 Improper Certificate Validation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249",
                "name": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Update Motorola MH702x devices to firmware version 2.0.0.301."
        }
    ],
    "source": {
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`{`
			`"CVE_data_meta": {`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`"ASSIGNER": "psirt@lenovo.com",`
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`"ID": "CVE-2021-3460",`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`},`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "MH702x",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "2.0.0.301"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Motorola"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`"value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-295 Improper Certificate Validation"`
			`}`
			`]`
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`}`
			`]`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2021-04-13 21:02:01 +00:00			`"refsource": "MISC",`
			`"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249",`
			`"name": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"`
populate and reject cves populate cves for 4-13-21 and reject unused 2020 cves. 2021-04-13 16:35:56 -04:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Update Motorola MH702x devices to firmware version 2.0.0.301."`
			`}`
			`],`
			`"source": {`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2021-03-22 22:00:41 +00:00			`}`
			`}`