CVE-2020-5686
https://notcve.org/view.php?id=CVE-2020-5686
13 Jan 2021 — Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. • https://jvn.jp/en/jp/JVN38784555/index.html • CWE-287: Improper Authentication
CVE-2020-5633
https://notcve.org/view.php?id=CVE-2020-5633
13 Jan 2021 — Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allow remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. • https://jpn.nec.com/security-info/secinfo/nv21-002.html • CWE-287: Improper Authentication
CVE-2020-5685
https://notcve.org/view.php?id=CVE-2020-5685
13 Jan 2021 — UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL. • https://jvn.jp/en/jp/JVN38784555/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5684
https://notcve.org/view.php?id=CVE-2020-5684
24 Dec 2020 — iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. • https://jpn.nec.com/security-info/secinfo/nv20-015.html • CWE-295: Improper Certificate Validation
CVE-2020-5632
https://notcve.org/view.php?id=CVE-2020-5632
06 Oct 2020 — InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege v... • https://jpn.nec.com/infocage/siteshell/everyone_20200918.html
CVE-2020-17408 – NEC ExpressCluster ApplyConfig XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17408
08 Sep 2020 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this ... • https://www.support.nec.co.jp/en/View.aspx?id=9510100319 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2019-20033
https://notcve.org/view.php?id=CVE-2019-20033
29 Jul 2020 — On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface. • https://shadytel.su/files/nec_cve.txt • CWE-287: Improper Authentication
CVE-2019-20032
https://notcve.org/view.php?id=CVE-2019-20032
29 Jul 2020 — An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem. • https://shadytel.su/files/nec_cve.txt
CVE-2019-20031
https://notcve.org/view.php?id=CVE-2019-20031
29 Jul 2020 — NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. • https://shadytel.su/files/nec_cve.txt • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2019-20030
https://notcve.org/view.php?id=CVE-2019-20030
29 Jul 2020 — An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected. • https://shadytel.su/files/nec_cve.txt