Details of VAR-201611-0419

ID

VAR-201611-0419

TITLE

Beijing Yuanwei Software Co., Ltd. Security Isolation Gateway has multiple command execution vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-10878

DESCRIPTION

Beijing Yuanwei Software Co., Ltd. Security Isolation Gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. There are several command execution vulnerabilities in the security isolation gateway of Beijing Yuanwei Software Co., Ltd. An attacker exploits a vulnerability executable system command to obtain sensitive information, which in turn provides administrator privileges.

Trust: 0.6

sources: CNVD: CNVD-2016-10878

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10878

AFFECTED PRODUCTS

vendor:

yuanwei

model:

security isolation gateway system

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-10878

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-10878
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-10878
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-10878

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-10878

Trust: 0.6

sources: CNVD: CNVD-2016-10878

REFERENCES

url:

http://loudong.360.cn/vul/info/id/187737;https

Trust: 0.6

sources: CNVD: CNVD-2016-10878

SOURCES

db:

CNVD

id:

CNVD-2016-10878

LAST UPDATE DATE

2022-05-04T09:23:32.544000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-10878

date:

2016-11-10T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-10878

date:

2016-11-10T00:00:00