Lucene search

JpcertCVE-2021-20653

HistoryFeb 17, 2021 - 3:15 a.m.

CVE-2021-20653

2021-02-1703:15:12

CWE-276

jpcert

web.nvd.nist.gov

cve-2021-20653

calsos csdj

access restriction bypass

unauthorized data access

nvd

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

45.2%

JSON

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

neccsdj-b_firmwareRange≤01.08.00

AND

neccsdj-bMatch-

Node

neccsdj-h_firmwareRange≤01.08.00

AND

neccsdj-hMatch-

Node

neccsdj-d_firmwareRange≤01.08.00

AND

neccsdj-dMatch-

Node

neccsdj-a_firmwareRange≤03.08.00

AND

neccsdj-aMatch-

VendorProductVersionCPE
neccsdj-b_firmware*cpe:2.3:o:nec:csdj-b_firmware:*:*:*:*:*:*:*:*
neccsdj-b-cpe:2.3:h:nec:csdj-b:-:*:*:*:*:*:*:*
neccsdj-h_firmware*cpe:2.3:o:nec:csdj-h_firmware:*:*:*:*:*:*:*:*
neccsdj-h-cpe:2.3:h:nec:csdj-h:-:*:*:*:*:*:*:*
neccsdj-d_firmware*cpe:2.3:o:nec:csdj-d_firmware:*:*:*:*:*:*:*:*
neccsdj-d-cpe:2.3:h:nec:csdj-d:-:*:*:*:*:*:*:*
neccsdj-a_firmware*cpe:2.3:o:nec:csdj-a_firmware:*:*:*:*:*:*:*:*
neccsdj-a-cpe:2.3:h:nec:csdj-a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nec	csdj-b_firmware	*	cpe:2.3:o:nec:csdj-b_firmware::::::::
nec	csdj-b	-	cpe:2.3:h:nec:csdj-b:-:::::::*
nec	csdj-h_firmware	*	cpe:2.3:o:nec:csdj-h_firmware::::::::
nec	csdj-h	-	cpe:2.3:h:nec:csdj-h:-:::::::*
nec	csdj-d_firmware	*	cpe:2.3:o:nec:csdj-d_firmware::::::::
nec	csdj-d	-	cpe:2.3:h:nec:csdj-d:-:::::::*
nec	csdj-a_firmware	*	cpe:2.3:o:nec:csdj-a_firmware::::::::
nec	csdj-a	-	cpe:2.3:h:nec:csdj-a:-:::::::*

CNA Affected

[
  {
    "product": "Calsos CSDJ",
    "vendor": "NEC Platforms, Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv21-006.html

jvn.jp/en/jp/JVN87164507/index.html

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

45.2%

JSON

Related for CVE-2021-20653