Lucene search

MitreCVE-2020-15341

HistorySep 29, 2022 - 3:15 a.m.

CVE-2020-15341

2022-09-2903:15:13

CWE-522

mitre

web.nvd.nist.gov

1686

zyxel

cloudcnm

secumanager

cve-2020-15341

unauthenticated update

api

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.4%

JSON

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

Affected configurations

Nvd

Node

zyxelcloudcnm_secumanagerMatch3.1.0

zyxelcloudcnm_secumanagerMatch3.1.1

VendorProductVersionCPE
zyxelcloudcnm_secumanager3.1.0cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.0:*:*:*:*:*:*:*
zyxelcloudcnm_secumanager3.1.1cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	cloudcnm_secumanager	3.1.0	cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.0:::::::*
zyxel	cloudcnm_secumanager	3.1.1	cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.1:::::::*

References

pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html

www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.4%

JSON

Related for CVE-2020-15341