Sign-up

ID

VAR-201709-1251


TITLE

Shenzhen Guowei Saina Technology Co., Ltd. NSN9000i Series IPPBX System Digital Program Controlled User Switch Has Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-21485

DESCRIPTION

NSN9000i series IPPBX system is a new generation of hybrid IPPBX system developed by Sina Technology based on the latest IP technology based on domestic market. This system combines the digital program-controlled subscriber switch platform developed by Senna Technology and the popular Asterisk application platform. The two systems operate seamlessly. Shenzhen Guowei Senna Technology Co., Ltd.'s NSN9000i series IPPBX system digital program-controlled user switch has an unauthorized access vulnerability. An attacker bypasses authorization authentication and accesses sensitive directories or files to log in to the system.

Trust: 0.6

sources: CNVD: CNVD-2017-21485

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-21485

AFFECTED PRODUCTS

vendor:guowei sainamodel:nsn9000i series ippbx systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-21485

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-21485
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-21485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-21485

PATCH

title:Shenzhen Sina Technology Co., Ltd. NSN9000i Series IPPBX System Digital Program Controlled User Switch Has Unauthorized Access Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/100260

Trust: 0.6

sources: CNVD: CNVD-2017-21485

EXTERNAL IDS

db:CNVDid:CNVD-2017-21485

Trust: 0.6

sources: CNVD: CNVD-2017-21485

SOURCES

db:CNVDid:CNVD-2017-21485

LAST UPDATE DATE

2022-05-04T10:22:37.653000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-21485date:2017-09-03T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-21485date:2017-09-17T00:00:00