From 1f674e83c6492503b604bb7035d672457de8994b Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Wed, 13 Jan 2021 18:17:46 +0900 Subject: [PATCH] JPCERT/CC 2021-01-13-18-16 --- 2020/5xxx/CVE-2020-5633.json | 53 ++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5685.json | 50 ++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5686.json | 50 ++++++++++++++++++++++++++++++-- 2021/20xxx/CVE-2021-20616.json | 50 ++++++++++++++++++++++++++++++-- 4 files changed, 191 insertions(+), 12 deletions(-) diff --git a/2020/5xxx/CVE-2020-5633.json b/2020/5xxx/CVE-2020-5633.json index f10718dbd35..43e063a862d 100644 --- a/2020/5xxx/CVE-2020-5633.json +++ b/2020/5xxx/CVE-2020-5633.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple NEC products where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied", + "version": { + "version_data": [ + { + "version_value": "Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-002.html" + }, + { + "url": "https://www.support.nec.co.jp/View.aspx?id=9010108754" + }, + { + "url": "https://jvn.jp/en/jp/JVN38752718/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors." } ] } diff --git a/2020/5xxx/CVE-2020-5685.json b/2020/5xxx/CVE-2020-5685.json index 4b8b8d59482..3c18e81104a 100644 --- a/2020/5xxx/CVE-2020-5685.json +++ b/2020/5xxx/CVE-2020-5685.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "UNIVERGE SV9500/SV8500 series", + "version": { + "version_data": [ + { + "version_value": "SV9500 series from V1 to V7and SV8500 series from S6 to S8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.necplatforms.co.jp/en/press/security_adv.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN38784555/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL." } ] } diff --git a/2020/5xxx/CVE-2020-5686.json b/2020/5xxx/CVE-2020-5686.json index b6d7fa71517..f5ccead6434 100644 --- a/2020/5xxx/CVE-2020-5686.json +++ b/2020/5xxx/CVE-2020-5686.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "UNIVERGE SV9500/SV8500 series", + "version": { + "version_data": [ + { + "version_value": "SV9500 series from V1 to V7and SV8500 series from S6 to S8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Implementation of Authentication Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.necplatforms.co.jp/en/press/security_adv.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN38784555/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL." } ] } diff --git a/2021/20xxx/CVE-2021-20616.json b/2021/20xxx/CVE-2021-20616.json index 55f2b5ddb7a..56cf7ea1f1a 100644 --- a/2021/20xxx/CVE-2021-20616.json +++ b/2021/20xxx/CVE-2021-20616.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sky Co., LTD.", + "product": { + "product_data": [ + { + "product_name": "SKYSEA Client View", + "version": { + "version_data": [ + { + "version_value": "Ver.1.020.05b to Ver.16.001.01g" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.skyseaclientview.net/news/210112_01/" + }, + { + "url": "https://jvn.jp/en/jp/JVN69635538/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." } ] }