
JVNDB-2021-000001

Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Overview

The remote system maintenance feature of the web-based remote maintenance console in the UNIVERGE SV9500/SV8500 series contains the multiple vulnerabilities listed below.
  • OS Command Injection (CWE-78) - CVE-2020-5685
  • Incorrect Implementation of Authentication Algorithm (CWE-303) - CVE-2020-5686

NEC Platforms, Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity

CVSS V3 Severity:
Base Metrics: 9.6 (Critical) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 5.8 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2020-5685.


CVSS V3 Severity:
Base Metrics: 7.6 (High) [IPA Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics: 5.8 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2020-5686.
Affected Products


NEC Platforms, Ltd.
  • UNIVERGE SV8500 Series from S6 to S8
  • UNIVERGE SV9500 Series from V1 to V7

Impact

  • If an attacker who can access the device sends a specially crafted request to a specific URL, an arbitrary command may be executed or a denial-of-service (DoS) condition may be caused - CVE-2020-5685
  • If an attacker who can access the device sends a specially crafted request to a specific URL, the remote system maintenance feature may be accessed illegally and information may be disclosed - CVE-2020-5686
Solution

[Update the Software]
Update the software according to the information provided by the developer.
Contact your product dealer for details of the update.

[Apply the workarounds]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

  • Do not directly connect the products to an external network such as the Internet.
  • Explicitly create an access rule based on source IP addresses/destination IP addresses/port numbers for network connection to the products.
Vendor Information

NEC Platforms, Ltd.
CWE

  1. Improper Authentication (CWE-287) [IPA Evaluation]
  2. OS Command Injection (CWE-78) [IPA Evaluation]
CVE

  1. CVE-2020-5685
  2. CVE-2020-5686
References

  1. JVN : JVN#38784555
  2. National Vulnerability Database (NVD) : CVE-2020-5685
  3. National Vulnerability Database (NVD) : CVE-2020-5686
Revision History

  • [2021/01/04]
      Web page was published