CVE-2020-6867 (GCVE-0-2020-6867)
Vulnerability from cvelistv5 – Published: 2020-04-30 21:13 – Updated: 2024-08-04 09:11
VLAI
EPSS
VEX
Summary
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.
Severity
5.5 (Medium)
CWE
- resource management error
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZENIC ONE R22b |
Affected:
V16.19.10P02SP002
Affected: V16.19.10P02SP005 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZENIC ONE R22b",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V16.19.10P02SP002"
},
{
"status": "affected",
"version": "V16.19.10P02SP005"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE\u0027s SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "resource management error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-30T21:13:18.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2020-6867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZENIC ONE R22b",
"version": {
"version_data": [
{
"version_value": "V16.19.10P02SP002"
},
{
"version_value": "V16.19.10P02SP005"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE\u0027s SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "resource management error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2020-6867",
"datePublished": "2020-04-30T21:13:18.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:11:05.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-6867",
"date": "2026-07-16",
"epss": "0.0035",
"percentile": "0.27188"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-6867\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2020-04-30T22:15:12.247\",\"lastModified\":\"2024-11-21T05:36:19.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZTE\u0027s SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.\"},{\"lang\":\"es\",\"value\":\"El controlador SDON de ZTE est\u00e1 afectado por una vulnerabilidad de error de administraci\u00f3n de los recursos. Cuando RPC es frecuentemente llamado por otras aplicaciones en el caso de datos de tr\u00e1fico masivo en el sistema, resultar\u00eda en no responder por un largo tiempo y un riesgo de desbordamiento de memoria. Esto afecta a: ZENIC ONE R22b versiones V16.19.10P02SP002 y V16.19.10P02SP005.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zte:zenic_one_r22b:6.19.10p02sp005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5876A67-E2FB-4847-AD2F-0D013CE9ADDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zte:zenic_one_r22b:16.19.10p02sp002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C8E7293-C414-4694-B629-FD8AEC8F171F\"}]}]}],\"references\":[{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-22T17:30:46+00:00",
"cve": "CVE-2020-6867",
"id": "CVE-2020-6867",
"initial_release_date": "2020-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "CVE-2020-6867",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-6867.json",
"version": "3"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…