Sign-up

ID

VAR-201706-1139


TITLE

ZTE ZXSS10 Two Voice Gateway Integrated Access Devices Have SNMP String Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-06789

DESCRIPTION

ZXSS10 I524-FXS2400A and ZXSS10 I508-FXS0800B are two integrated voice gateway access devices of ZTE Corporation. ZTE ZXSS10 integrated voice gateway access device has SNMP string bypass vulnerability. Attackers can use arbitrary strings or integer values to bypass SNMP access control and write arbitrary strings in the MIB (Management Information Base) to obtain sensitive information about the device.

Trust: 0.6

sources: CNVD: CNVD-2017-06789

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06789

AFFECTED PRODUCTS

vendor:ztemodel:voice gateway zxss10 i524-fxs2400ascope: - version: -

Trust: 0.6

vendor:ztemodel:voice gateway zxss10 zi508-fxs0800bscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-06789

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-06789
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-06789
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-06789

PATCH

title:ZTE ZXSS10 Two Voice Gateway Integrated Access Devices Have SNMP String Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/93656

Trust: 0.6

sources: CNVD: CNVD-2017-06789

EXTERNAL IDS

db:CNVDid:CNVD-2017-06789

Trust: 0.6

sources: CNVD: CNVD-2017-06789

SOURCES

db:CNVDid:CNVD-2017-06789

LAST UPDATE DATE

2022-05-04T09:56:51.144000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-06789date:2017-05-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-06789date:2017-06-27T00:00:00