mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
131 lines
4.2 KiB
JSON
131 lines
4.2 KiB
JSON
{
|
|
"id": "CVE-2021-21741",
|
|
"sourceIdentifier": "psirt@zte.com.cn",
|
|
"published": "2021-08-30T18:15:08.107",
|
|
"lastModified": "2021-09-07T14:04:59.580",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un sistema de administraci\u00f3n de conferencias de ZTE, est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n de comandos. Dado que el servicio de objetos java de soapmonitor est\u00e1 habilitado por defecto, el atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrario mediante el env\u00edo de una carga \u00fatil deserializada al puerto 5001."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-502"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.16.01u01.01:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "164F10FD-FD8A-470C-B0AC-04B253070FF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.19.01u01.01:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4CA83CD1-309A-4E15-9395-EFB3976EC50E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.20.01u01.01:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C2C3057A-C517-4FF9-B03F-A91DF8DF675D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.21.01.04:p01:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65C1CF13-8E64-4231-BF21-6928C7189502"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:zxv10_m910:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A39F1727-2C52-4AC9-9AD1-D6D6D44CE7AE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424",
|
|
"source": "psirt@zte.com.cn",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |