CVE-2020-6870

{"id": "CVE-2020-6870", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2020-06-24T16:15:10.987", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115"}, {"lang": "es", "value": "La versi\u00f3n V12.17.20T115 del producto ZTE U31R20 est\u00e1 afectada por una vulnerabilidad de error de dise\u00f1o. Un atacante podr\u00eda explotar la vulnerabilidad para iniciar sesi\u00f3n en el servidor FTP para manipular la contrase\u00f1a y descargar, modificar, cargar o eliminar archivos ilegalmente, causando una operaci\u00f3n incorrecta del sistema y equipo de administraci\u00f3n de red. Esto afecta: NetNumenU31R20 versi\u00f3n V12.17.20T115"}], "lastModified": "2020-07-06T15:14:36.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:netnumen_u31_r10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7699BE39-D267-4253-94E0-32D8EE211923"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:netnumen_u31_r10_firmware:v12.17.20t115:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3C6428-9FC4-42FC-984C-D2C6F1E18C3A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}