Search

Find a vulnerability

Search criteria

    1 vulnerability found for UNIVERGE WA Series by NEC Platforms, Ltd.

    JVNDB-2022-000016

    Vulnerability from jvndb - Published: 2022-03-10 14:31 - Updated:2022-03-10 14:31
    Severity
    Summary
    UNIVERGE WA Series vulnerable to OS command injection
    Details
    UNIVERGE WA Series provided by NEC Platforms, Ltd. contains an OS command injection vulnerability. Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability (CWE-78). NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000016.html",
      "dc:date": "2022-03-10T14:31+09:00",
      "dcterms:issued": "2022-03-10T14:31+09:00",
      "dcterms:modified": "2022-03-10T14:31+09:00",
      "description": "UNIVERGE WA Series provided by NEC Platforms, Ltd. contains an OS command injection vulnerability.\r\n\r\nRemote system maintenance feature of UNIVERGE WA series \"Local maintenance console/Remote maintenance console/Web based remote console maintenance\" contains an OS command injection vulnerability (CWE-78).\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000016.html",
      "sec:cpe": {
        "#text": "cpe:/a:necplatforms:univerge_wa_series",
        "@product": "UNIVERGE WA Series",
        "@vendor": "NEC Platforms, Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000016",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN72801744/index.html",
          "@id": "JVN#72801744",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-25621",
          "@id": "CVE-2022-25621",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25621",
          "@id": "CVE-2022-25621",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "UNIVERGE WA Series vulnerable to OS command injection"
    }