From b85a0c01e4c087580a32a2b4bd27f08089fd8620 Mon Sep 17 00:00:00 2001
From: Ikuya Fukumoto
Date: Tue, 6 Oct 2020 13:44:41 +0900
Subject: [PATCH] JPCERT/CC 2020-10-06-13-43
---
 2020/5xxx/CVE-2020-5631.json | 53 ++++++++++++++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5632.json | 50 ++++++++++++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5634.json | 50 ++++++++++++++++++++++++++++++++--
 3 files changed, 144 insertions(+), 9 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5631.json b/2020/5xxx/CVE-2020-5631.json
index 5597e380f1c..bf2572df040 100644
--- a/2020/5xxx/CVE-2020-5631.json
+++ b/2020/5xxx/CVE-2020-5631.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5631",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CMONOS Co. Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CMONOS.JP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ver2.0.20191009 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cmonos.jp/download/history.html"
+ },
+ {
+ "url": "https://cmonos.jp/download/index.shtml"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93741515/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors."
 }
 ]
 }
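Review bot: The added `version_value` for CMONOS.JP, "ver2.0.20191009 and earlier", is free text, so a tool that matches installed versions against this record cannot evaluate the range. CVE JSON 4.0 lets the bound be stated separately, `"version_affected": "<=", "version_value": "ver2.0.20191009"`. The added `problemtype` value is likewise a bare phrase with no CWE identifier; naming it (CWE-79 for this record) would let consumers group the entry by weakness class. Both points also apply to the CVE-2020-5632 and CVE-2020-5634 hunks, whose problem types are "Fails to restrict access" and "OS Command Injection". The object these lines belong to opens above the hunk, so the first three lines of the file are not visible here.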
diff --git a/2020/5xxx/CVE-2020-5632.json b/2020/5xxx/CVE-2020-5632.json
index 8db04c6b112..3ecf94e042c 100644
--- a/2020/5xxx/CVE-2020-5632.json
+++ b/2020/5xxx/CVE-2020-5632.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5632",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NEC Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InfoCage SiteShell series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Fails to restrict access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jpn.nec.com/infocage/siteshell/everyone_20200918.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN07426151/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5634.json b/2020/5xxx/CVE-2020-5634.json
index ac00a3065dd..0456c0793b0 100644
--- a/2020/5xxx/CVE-2020-5634.json
+++ b/2020/5xxx/CVE-2020-5634.json
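Review bot: The new description in CVE-2020-5632.json (the hunk that ends just before the CVE-2020-5634.json file header) closes with "via a specially crafted executable files", which mixes singular and plural; it should read `via a specially crafted executable file`. The same sentence and the `version_value` string also carry the whole affected list as one run of text. In it "V1.4, V1.5, and V1.6" name affected releases, while "V2.0.0.6, V2.1.0.7, …" appear to be per-branch fixed revisions, so a reader or parser cannot tell the two kinds of number apart without opening the vendor advisory. One `version_data` entry per branch, for example `{ "version_affected": "<", "version_value": "V2.0.0.6" }`, would remove the ambiguity. Whether each revision bounds only its own branch should be confirmed against the NEC advisory already listed in `references`.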
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5634",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ELECOM CO.,LTD.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ELECOM LAN routers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.elecom.co.jp/news/security/20201005-01/"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN82892096/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors."
 }
 ]
 }
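Review bot: The single `product_data` entry named "ELECOM LAN routers" covers four router models whose fixed firmware differs: v1.14 for WRC-2533GST2, WRC-1900GST2 and WRC-1750GST2, but v1.10 for WRC-1167GST2. All of that sits in one `version_value` sentence, so an inventory lookup by model name finds no matching `product_name`, and the different threshold for WRC-1167GST2 is easy to overlook when triaging. Listing each model as its own product with a `version_affected` bound, as sketched below, keeps the record matchable by model; the surrounding `vendor_data` wrapper stays as it is.

```json
"product_data": [
  {
    "product_name": "WRC-2533GST2",
    "version": {
      "version_data": [
        { "version_affected": "<", "version_value": "v1.14" }
      ]
    }
  },
  {
    "product_name": "WRC-1900GST2",
    "version": {
      "version_data": [
        { "version_affected": "<", "version_value": "v1.14" }
      ]
    }
  },
  {
    "product_name": "WRC-1750GST2",
    "version": {
      "version_data": [
        { "version_affected": "<", "version_value": "v1.14" }
      ]
    }
  },
  {
    "product_name": "WRC-1167GST2",
    "version": {
      "version_data": [
        { "version_affected": "<", "version_value": "v1.10" }
      ]
    }
  }
]
```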