Details of VAR-201603-0403

ID

VAR-201603-0403

TITLE

Unauthorized Access Vulnerability in Shanghai Ice Peak Network ICEFLOW VPN Router System

Trust: 0.6

sources: CNVD: CNVD-2016-06978

DESCRIPTION

ICEFLOW VPN is a new generation of IPSEC-based Layer 3 intelligent router products developed by Shanghai Bingfeng Network for the actual needs of modern enterprise users. There is an unauthorized access vulnerability in the ICFLOWVPNRouter system of Shanghai Bingfeng Network. Allows an attacker to log in to the system background and gain administrator privileges.

Trust: 0.6

sources: CNVD: CNVD-2016-06978

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06978

AFFECTED PRODUCTS

vendor:

bingfeng computer network

model:

iceflow vpn router system

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-06978

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-06978
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-06978
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-06978

EXTERNAL IDS

db:	WOOYUN	id:	WOOYUN-2015-0134377	Trust: 0.6
db:	CNVD	id:	CNVD-2016-06978	Trust: 0.6

sources: CNVD: CNVD-2016-06978

REFERENCES

url:

http://www.wooyun.org/bugs/wooyun-2015-0134377

Trust: 0.6

sources: CNVD: CNVD-2016-06978

SOURCES

db:

CNVD

id:

CNVD-2016-06978

LAST UPDATE DATE

2022-05-17T02:05:52.397000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-06978

date:

2016-08-31T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-06978

date:

2016-03-16T00:00:00