Sign-up

ID

VAR-201706-1117


TITLE

Lenovo Network Royal Smart-V Firewall Has SNMP Protocol Community String Authentication Permission Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-06660

DESCRIPTION

Smart-V firewall is a security device that integrates ADSL dial-up, routing, firewall, VPN, switch and other functions. The Lenovo NET Smart-V firewall has an SNMP protocol community string authentication permission bypass vulnerability that allows an attacker to use arbitrary strings or integer values to bypass SNMP access control and write arbitrary strings in the MIB To get device sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2017-06660

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06660

AFFECTED PRODUCTS

vendor:lenovo network royalmodel:smart-v firewallscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-06660

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-06660
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-06660
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-06660

PATCH

title:Lenovo Smart-V firewall has SNMP protocol community string authentication permission bypass vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/93740

Trust: 0.6

sources: CNVD: CNVD-2017-06660

EXTERNAL IDS

db:CNVDid:CNVD-2017-06660

Trust: 0.6

sources: CNVD: CNVD-2017-06660

SOURCES

db:CNVDid:CNVD-2017-06660

LAST UPDATE DATE

2022-05-04T09:29:33.002000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-06660date:2017-05-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-06660date:2017-06-27T00:00:00