Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for UNIVERGE SV9100 by NEC Platforms, Ltd.

jvndb-2021-000023

Vulnerability from jvndb

Published

2021-03-22 14:57

Modified

2021-03-22 14:57

Severity ?

3.1 (Low) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Summary

UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Details

Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service (DoS). NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN12737530/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20677
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20677
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Platforms, Ltd.	SL2100
	NEC Platforms, Ltd.	UNIVERGE Aspire UX
	NEC Platforms, Ltd.	UNIVERGE Aspire WX
	NEC Platforms, Ltd.	UNIVERGE SV9100

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000023.html",
  "dc:date": "2021-03-22T14:57+09:00",
  "dcterms:issued": "2021-03-22T14:57+09:00",
  "dcterms:modified": "2021-03-22T14:57+09:00",
  "description": "Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service (DoS).\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:necplatforms:sl2100_firmware",
      "@product": "SL2100",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:univerge_aspire_ux_firmware",
      "@product": "UNIVERGE Aspire UX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:univerge_aspire_wx_firmware",
      "@product": "UNIVERGE Aspire WX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:univerge_sv9100_firmware",
      "@product": "UNIVERGE SV9100",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "3.1",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN12737530/index.html",
      "@id": "JVN#12737530",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20677",
      "@id": "CVE-2021-20677",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20677",
      "@id": "CVE-2021-20677",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)"
}