CVE-2020-5637

Опубликовано: 14 дек. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 5.2

EPSS Низкий

Описание

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program.

Ссылки

https://jvn.jp/en/jp/JVN55917325/index.html
Third Party Advisory
https://jvn.jp/jp/JVN55917325/index.html
Third Party Advisory
https://www.necplatforms.co.jp/product/security_ap/info_20201211.html
Vendor Advisory
https://jvn.jp/en/jp/JVN55917325/index.html
Third Party Advisory
https://jvn.jp/jp/JVN55917325/index.html
Third Party Advisory
https://www.necplatforms.co.jp/product/security_ap/info_20201211.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:necplatforms:aterm_sa3500g_firmware:*:*:*:*:*:*:*:*

Версия до 3.5.9 (исключая)

cpe:2.3:h:necplatforms:aterm_sa3500g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

6.8 Medium

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

GHSA-446c-h2fq-7hw2

github

больше 3 лет назад