CVE-2021-21733

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015304	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zte:zxcdn:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-05-19 12:15

Updated : 2021-05-28 21:04

NVD link : CVE-2021-21733

Mitre link : CVE-2021-21733

CVE.ORG link : CVE-2021-21733

JSON object : View

Products Affected

zte

zxcdn

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-21733", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-05-19T12:15:07.867", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015304", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02."}, {"lang": "es", "value": "El sistema de administraci\u00f3n de ZXCDN est\u00e1 impactado por una vulnerabilidad de filtraci\u00f3n de informaci\u00f3n. Unos atacantes pueden realizar un an\u00e1lisis m\u00e1s detallado de acuerdo con la informaci\u00f3n devuelta por el programa y luego conseguir informaci\u00f3n confidencial. Esto afecta a ZXCDN V7.01 todas las versiones hasta IAMV7.01.01.02"}], "lastModified": "2021-05-28T21:04:15.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zxcdn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "695B72B3-EA4A-4392-B52E-0235A27A5030", "versionEndExcluding": "iamv7.01.02.02", "versionStartIncluding": "7.01"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@zte.com.cn"}