Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Express5800 by NEC Corporation

jvndb-2021-000002

Vulnerability from jvndb

Published

2021-01-04 17:24

Modified

2021-01-08 12:22

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Multiple NEC Products vulnerable to authentication bypass

Details

In Intelligent Platform Management Interface (IPMI) v1.5, Remote Management Control Protocol (RMCP) to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP using LAN, unauthorized session may be established. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN38752718/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5633
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5633
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Corporation	Express5800
	NEC Corporation	iStorage

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000002.html",
  "dc:date": "2021-01-08T12:22+09:00",
  "dcterms:issued": "2021-01-04T17:24+09:00",
  "dcterms:modified": "2021-01-08T12:22+09:00",
  "description": "In Intelligent Platform Management Interface (IPMI) v1.5, Remote Management Control Protocol (RMCP) to access BMC through LAN is prescribed. \r\n\r\nMultiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP using LAN, unauthorized session may be established.\r\n\r\nNEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000002.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:nec:express5800",
      "@product": "Express5800",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:istorage",
      "@product": "iStorage",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000002",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN38752718/index.html",
      "@id": "JVN#38752718",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5633",
      "@id": "CVE-2020-5633",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5633",
      "@id": "CVE-2020-5633",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    }
  ],
  "title": "Multiple NEC Products vulnerable to authentication bypass"
}