{ "id": "CVE-2022-25621", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2022-03-11T18:15:41.210", "lastModified": "2022-03-22T17:53:02.347", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands." }, { "lang": "es", "value": "UNIVERGE WA 1020 Versiones 8.2.11 y anteriores, UNIVERGE WA 1510 Versiones 8.2.11 y anteriores, UNIVERGE WA 1511 Versiones 8.2.11 y anteriores, UNIVERGE WA 1512 Versiones 8.2.11 y anteriores, UNIVERGE WA 2020 Versiones 8.2.11 y anteriores, UNIVERGE WA 2021 Versiones 8.2. 11 y anteriores, UNIVERGE WA 2610-AP Versiones 8.2.11 y anteriores, UNIVERGE WA 2611-AP Versiones 8.2.11 y anteriores, UNIVERGE WA 2611E-AP Versiones 8.2.11 y anteriores, UNIVERGE WA WA2612-AP Versiones 8.2.11 y anteriores permiten a un atacante remoto ejecutar comandos arbitrarios del Sistema Operativo" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-78" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa1020_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "C64E391F-5677-4901-A12B-041031CA6E9F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa1020:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF66BC3A-F599-4D67-BC0B-2164542F946F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa1510_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "ED51866B-ADC7-49A1-9909-861A787EEF53" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "08110880-F402-4FCB-9A96-0287B386D928" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa1511_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "91AFB17B-2900-4A62-B0C8-CEC0C03D9261" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "08F8E329-9B14-4751-8A7E-124F6CFB951C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa1512_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "66E731A8-FC4B-455B-883E-05941B62840A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "79FEA4DC-EE7D-4A0B-8693-63428D5971CD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2020_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "A43A837D-11EB-4B25-B045-72F248F87CF6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDD96A7C-9F9A-4334-A14D-EF30E8D71A9F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2021_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "3457EB8F-DB19-4835-A7F8-D272DE2E499E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2021:-:*:*:*:*:*:*:*", "matchCriteriaId": "6343DAFA-572F-416F-836E-ABA417E36C02" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2610-ap_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "9D24E4A2-A665-4741-9EB2-58A514383176" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2610-ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C8963A0-CE1C-4AD5-AF83-C2C07470D72F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2611-ap_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "BF773423-95E4-497F-AF5D-449E4E84596C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2611-ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BCE7133-A2B9-4B15-8852-136AD0043F34" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2611e-ap_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "89FAEFB2-485B-4F8F-8D2A-C807B47FB7EB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2611e-ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C0448DD-AB26-475B-99DE-660877CC584B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:nec:univerge_wa2612-ap_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.2.11", "matchCriteriaId": "6CE802AF-7FFA-4066-BF80-9FF35AF7CEE1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:nec:univerge_wa2612-ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "36DFB440-4F76-499B-BDD1-4575F05A0888" } ] } ] } ], "references": [ { "url": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html", "source": "psirt-info@cyber.jp.nec.com", "tags": [ "Vendor Advisory" ] } ] }