CVE-2021-44746

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.necplatforms.co.jp/en/product/security_adv/211217.html	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:univerge_dt830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt830:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:univerge_dt820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt820:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:univerge_dt930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:univerge_dt930:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:nec:univerge_dt900_data_maintenance_tool:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:nec:univerge_dt800_data_maintenance_tool:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:nec:univerge_ip_phone_manager:*:*:*:*:*:*:*:*

Information

Published : 2022-02-01 07:15

Updated : 2022-02-07 05:51

NVD link : CVE-2021-44746

Mitre link : CVE-2021-44746

JSON object : View

CWE

CWE-668

Exposure of Resource to Wrong Sphere

Advertisement

Products Affected

nec

univerge_dt800_data_maintenance_tool
univerge_dt930_firmware
univerge_dt830_firmware
univerge_dt830
univerge_dt930
univerge_dt820_firmware
univerge_dt820
univerge_ip_phone_manager
univerge_dt900_data_maintenance_tool

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.necplatforms.co.jp/en/product/security_adv/211217.html", "name": "https://www.necplatforms.co.jp/en/product/security_adv/211217.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-668"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-44746", "ASSIGNER": "psirt-info@cyber.jp.nec.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2022-02-01T15:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:nec:univerge_dt830_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.2.7.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nec:univerge_dt830:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:nec:univerge_dt820_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.2.7.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nec:univerge_dt820:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:nec:univerge_dt930_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nec:univerge_dt930:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nec:univerge_dt900_data_maintenance_tool:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.3.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nec:univerge_dt800_data_maintenance_tool:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nec:univerge_ip_phone_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.9.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-07T13:51Z"}