nvd-json-data-feeds/CVE-2020/CVE-2020-67xx/CVE-2020-6760.json

{
  "id": "CVE-2020-6760",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-02-06T21:15:11.580",
  "lastModified": "2020-02-11T19:20:14.337",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping."
    },
    {
      "lang": "es",
      "value": "Los enrutadores Schmid ZI 620 V400 VPN 090, permiten a un atacante ejecutar comandos de Sistema Operativo como root por medio de metacaracteres de shell hacia una entrada en el men\u00fa de subcomando SSH, como es demostrado mediante el ping."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:schmid-telecom:zi_620_v400_firmware:090:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B9E6E9-4A8A-4F2E-BA75-819B53E667A1"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:schmid-telecom:zi_620_v400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3628E4-BD24-4C13-A190-34EB1C5A985E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/0xedh/someshit/blob/master/CVE-2020-6760.md",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}