SB2021010405 - Multiple vulnerabilities in NEC Platforms UNIVERGE SV9500/SV8500 series

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021010405

SB2021010405 - Multiple vulnerabilities in NEC Platforms UNIVERGE SV9500/SV8500 series

Published: January 4, 2021

Security Bulletin ID SB2021010405
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2020-5685)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker on the local network can send a specially crafted request and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2020-5686)

The vulnerability allows a remote attacker to to bypass authentication process.

The vulnerability exists due to incorrect implementation of authentication algorithm. A remote attacker on the local network can send a specially crafted request, access the remote system maintenance feature and disclose sensitive information.


Remediation

Install update from vendor's website.

References