Lucene search

KrcertCVE-2020-7847

HistoryFeb 23, 2021 - 4:15 p.m.

CVE-2020-7847

2021-02-2316:15:13

CWE-434

krcert

web.nvd.nist.gov

iptime nas

file upload

vulnerability

remote code execution

cve-2020-7847

nvd

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

Affected configurations

Nvd

Node

iptimenas-iMatch-

AND

iptimenas-i_firmwareRange<1.4.36

Node

iptimenas-iiMatch-

AND

iptimenas-ii_firmwareRange<1.4.36

Node

iptimenas-iieMatch-

AND

iptimenas-iie_firmwareRange<1.4.36

Node

iptimenas101Match-

AND

iptimenas101_firmwareRange<1.4.36

Node

iptimenas1dualMatch-

AND

iptimenas1dual_firmwareRange<1.4.36

Node

iptimenas2dualMatch-

AND

iptimenas2dual_firmwareRange<1.4.36

Node

iptimenas3Match-

AND

iptimenas3_firmwareRange<1.4.36

Node

iptimenas4Match-

AND

iptimenas4_firmwareRange<1.4.36

Node

iptimenas4dual_firmwareRange<1.4.36

AND

iptimenas4dualMatch-

VendorProductVersionCPE
iptimenas-i-cpe:2.3:h:iptime:nas-i:-:*:*:*:*:*:*:*
iptimenas-i_firmware*cpe:2.3:o:iptime:nas-i_firmware:*:*:*:*:*:*:*:*
iptimenas-ii-cpe:2.3:h:iptime:nas-ii:-:*:*:*:*:*:*:*
iptimenas-ii_firmware*cpe:2.3:o:iptime:nas-ii_firmware:*:*:*:*:*:*:*:*
iptimenas-iie-cpe:2.3:h:iptime:nas-iie:-:*:*:*:*:*:*:*
iptimenas-iie_firmware*cpe:2.3:o:iptime:nas-iie_firmware:*:*:*:*:*:*:*:*
iptimenas101-cpe:2.3:h:iptime:nas101:-:*:*:*:*:*:*:*
iptimenas101_firmware*cpe:2.3:o:iptime:nas101_firmware:*:*:*:*:*:*:*:*
iptimenas1dual-cpe:2.3:h:iptime:nas1dual:-:*:*:*:*:*:*:*
iptimenas1dual_firmware*cpe:2.3:o:iptime:nas1dual_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iptime	nas-i	-	cpe:2.3:h:iptime:nas-i:-:::::::*
iptime	nas-i_firmware	*	cpe:2.3:o:iptime:nas-i_firmware::::::::
iptime	nas-ii	-	cpe:2.3:h:iptime:nas-ii:-:::::::*
iptime	nas-ii_firmware	*	cpe:2.3:o:iptime:nas-ii_firmware::::::::
iptime	nas-iie	-	cpe:2.3:h:iptime:nas-iie:-:::::::*
iptime	nas-iie_firmware	*	cpe:2.3:o:iptime:nas-iie_firmware::::::::
iptime	nas101	-	cpe:2.3:h:iptime:nas101:-:::::::*
iptime	nas101_firmware	*	cpe:2.3:o:iptime:nas101_firmware::::::::
iptime	nas1dual	-	cpe:2.3:h:iptime:nas1dual:-:::::::*
iptime	nas1dual_firmware	*	cpe:2.3:o:iptime:nas1dual_firmware::::::::

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "ipTIME NAS ",
    "vendor": "EFM Networks",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.36"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35921

Social References

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for CVE-2020-7847