CVE-2021-44746

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.necplatforms.co.jp/en/product/security_adv/211217.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:univerge_dt830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt830:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:univerge_dt820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt820:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:univerge_dt930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt930:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:nec:univerge_dt900_data_maintenance_tool:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:nec:univerge_dt800_data_maintenance_tool:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:nec:univerge_ip_phone_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-01 15:15

Updated : 2023-08-08 14:22

NVD link : CVE-2021-44746

Mitre link : CVE-2021-44746

CVE.ORG link : CVE-2021-44746

JSON object : View

Products Affected

nec

univerge_dt800_data_maintenance_tool
univerge_ip_phone_manager
univerge_dt820_firmware
univerge_dt930
univerge_dt830_firmware
univerge_dt900_data_maintenance_tool
univerge_dt820
univerge_dt830
univerge_dt930_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-44746", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-02-01T15:15:07.960", "references": [{"url": "https://www.necplatforms.co.jp/en/product/security_adv/211217.html", "tags": ["Vendor Advisory"], "source": "psirt-info@cyber.jp.nec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained."}, {"lang": "es", "value": "UNIVERGE DT 820 versiones V3.2.7.0 y anteriores, UNIVERGE DT 830 versiones V5.2.7.0 y anteriores, UNIVERGE DT 930 versiones V2.4.0.0 y anteriores, IP Phone Manager versiones V8.9.1 y anteriores, Data Maintenance Tool for DT900 Series versiones V5.3.0.0 y anteriores, Data Maintenance Tool for DT800 Series versiones V4.2.0.0 y anteriores permiten que un atacante remoto que pueda acceder a la red interna, pueda obtener la informaci\u00f3n de configuraci\u00f3n"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21C737B4-8BBD-4778-B5DC-2711BF8B81D7", "versionEndIncluding": "5.2.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD6A37BD-F29F-486A-B720-8A0FE0D649FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt820_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDCC5D81-2C29-424A-9436-89F39FBDE2BC", "versionEndIncluding": "3.2.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA101E60-B52E-4968-B012-903086A152CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt930_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D2920E-101A-4209-9AF3-7BDD3A006FFC", "versionEndIncluding": "2.4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt930:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FC3A718-D46C-400F-93CE-BEE0E8C0FE6F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_dt900_data_maintenance_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E42A84-0201-43E6-977F-8439195E1D26", "versionEndIncluding": "5.3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_dt800_data_maintenance_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30375D6-06E6-4837-8738-647EDE37FEBD", "versionEndIncluding": "4.2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_ip_phone_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8052BA2-3EE8-42A4-B448-922DB349B2C3", "versionEndIncluding": "8.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com"}