CVE-2020-5686
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
Una implementación incorrecta del problema del algoritmo de autenticación en la serie UNIVERGE SV9500 desde versiones V1 hasta V7 y la serie SV8500 desde versiones S6 hasta S8, permite a un atacante acceder a la funcionalidad de mantenimiento del sistema remoto y obtener la información mediante el envío de una petición especialmente diseñada para una URL específica.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-06 CVE Reserved
- 2021-01-13 CVE Published
- 2023-09-29 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN38784555/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.necplatforms.co.jp/en/press/security_adv.html | 2021-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nec Search vendor "Nec" | Univerge Sv9500 Firmware Search vendor "Nec" for product "Univerge Sv9500 Firmware" | >= v1 <= v7 Search vendor "Nec" for product "Univerge Sv9500 Firmware" and version " >= v1 <= v7" | - |
Affected
| in | Nec Search vendor "Nec" | Univerge Sv9500 Search vendor "Nec" for product "Univerge Sv9500" | - | - |
Safe
|
| Nec Search vendor "Nec" | Univerge Sv8500 Firmware Search vendor "Nec" for product "Univerge Sv8500 Firmware" | >= s6 <= s8 Search vendor "Nec" for product "Univerge Sv8500 Firmware" and version " >= s6 <= s8" | - |
Affected
| in | Nec Search vendor "Nec" | Univerge Sv8500 Search vendor "Nec" for product "Univerge Sv8500" | - | - |
Safe
|