{
"id": "CVE-2021-21741",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2021-08-30T18:15:08.107",
"lastModified": "2021-09-07T14:04:59.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's Java object service is enabled by default, an attacker could exploit this vulnerability to execute arbitrary commands by sending a crafted serialized payload, which the service deserializes, to port 5001."
},
{
"lang": "es",
"value": "Un sistema de administraci\u00f3n de conferencias de ZTE est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n de comandos. Dado que el servicio de objetos Java de soapmonitor est\u00e1 habilitado por defecto, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios mediante el env\u00edo al puerto 5001 de una carga \u00fatil serializada que el servicio deserializa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.16.01u01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "164F10FD-FD8A-470C-B0AC-04B253070FF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.19.01u01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA83CD1-309A-4E15-9395-EFB3976EC50E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.20.01u01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C3057A-C517-4FF9-B03F-A91DF8DF675D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.21.01.04:p01:*:*:*:*:*:*",
"matchCriteriaId": "65C1CF13-8E64-4231-BF21-6928C7189502"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxv10_m910:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A39F1727-2C52-4AC9-9AD1-D6D6D44CE7AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424",
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}