Details of VAR-201709-1250

ID

VAR-201709-1250

TITLE

Principal Century NSAE Application Security Gateway Has Arbitrary File Download Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-18129

DESCRIPTION

NSAE Application Security Gateway is a hardware device independently developed by Principal Century to provide security proxy services for application systems. There is an arbitrary file download vulnerability in the Principal Century NSAE Application Security Gateway. An attacker could use this vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2017-18129

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-18129

AFFECTED PRODUCTS

vendor:

xin an century

model:

nsae application security gateway

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2017-18129

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-18129
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-18129
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-18129

PATCH

title:

Principal Century NSAE Application Security Gateway Has Arbitrary File Download Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/99099

Trust: 0.6

sources: CNVD: CNVD-2017-18129

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-18129

Trust: 0.6

sources: CNVD: CNVD-2017-18129

SOURCES

db:

CNVD

id:

CNVD-2017-18129

LAST UPDATE DATE

2022-05-04T10:12:02.598000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-18129

date:

2018-10-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-18129

date:

2017-09-06T00:00:00