Lucene search

[email protected]NVD:CVE-2021-20676

HistoryMar 18, 2021 - 1:15 a.m.

CVE-2021-20676

2021-03-1801:15:12

CWE-863

[email protected]

web.nvd.nist.gov

m-system dl8

remote attackers

access restriction bypass

authenticated

unspecified vectors

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.3%

JSON

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors.

Affected configurations

Nvd

Node

m-systemdl8-a_firmwareRange<3.0.81

AND

m-systemdl8-aMatch-

Node

m-systemdl8-b_firmwareRange<3.0.77

AND

m-systemdl8-bMatch-

Node

m-systemdl8-c_firmwareRange<3.0.99

AND

m-systemdl8-cMatch-

Node

m-systemdl8-d_firmwareRange<3.0.91

AND

m-systemdl8-dMatch-

Node

m-systemdl8-e_firmwareRange<3.0.12

AND

m-systemdl8-eMatch-

VendorProductVersionCPE
m-systemdl8-a_firmware*cpe:2.3:o:m-system:dl8-a_firmware:*:*:*:*:*:*:*:*
m-systemdl8-a-cpe:2.3:h:m-system:dl8-a:-:*:*:*:*:*:*:*
m-systemdl8-b_firmware*cpe:2.3:o:m-system:dl8-b_firmware:*:*:*:*:*:*:*:*
m-systemdl8-b-cpe:2.3:h:m-system:dl8-b:-:*:*:*:*:*:*:*
m-systemdl8-c_firmware*cpe:2.3:o:m-system:dl8-c_firmware:*:*:*:*:*:*:*:*
m-systemdl8-c-cpe:2.3:h:m-system:dl8-c:-:*:*:*:*:*:*:*
m-systemdl8-d_firmware*cpe:2.3:o:m-system:dl8-d_firmware:*:*:*:*:*:*:*:*
m-systemdl8-d-cpe:2.3:h:m-system:dl8-d:-:*:*:*:*:*:*:*
m-systemdl8-e_firmware*cpe:2.3:o:m-system:dl8-e_firmware:*:*:*:*:*:*:*:*
m-systemdl8-e-cpe:2.3:h:m-system:dl8-e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
m-system	dl8-a_firmware	*	cpe:2.3:o:m-system:dl8-a_firmware::::::::
m-system	dl8-a	-	cpe:2.3:h:m-system:dl8-a:-:::::::*
m-system	dl8-b_firmware	*	cpe:2.3:o:m-system:dl8-b_firmware::::::::
m-system	dl8-b	-	cpe:2.3:h:m-system:dl8-b:-:::::::*
m-system	dl8-c_firmware	*	cpe:2.3:o:m-system:dl8-c_firmware::::::::
m-system	dl8-c	-	cpe:2.3:h:m-system:dl8-c:-:::::::*
m-system	dl8-d_firmware	*	cpe:2.3:o:m-system:dl8-d_firmware::::::::
m-system	dl8-d	-	cpe:2.3:h:m-system:dl8-d:-:::::::*
m-system	dl8-e_firmware	*	cpe:2.3:o:m-system:dl8-e_firmware::::::::
m-system	dl8-e	-	cpe:2.3:h:m-system:dl8-e:-:::::::*

References

jvn.jp/en/jp/JVN47497535/index.html

www.m-system.co.jp/download_w/dl_dl8updaterE.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.3%

JSON

Related for NVD:CVE-2021-20676

prion1 cve1 cvelist1 jvn1