Details of VAR-201711-1233

ID

VAR-201711-1233

TITLE

Arbitrary User Password Reset Vulnerability in Bunker Fortress

Trust: 0.6

sources: CNVD: CNVD-2017-32763

DESCRIPTION

The bunker bastion machine is the industry's first software bastion machine, which provides single point functions of centralized identity authentication, centralized access authorization, centralized access management, centralized operation audit, and simplified operation and management required for remote operation and maintenance management. An arbitrary user password reset vulnerability exists in the Bunker Fortress. An attacker can use the vulnerability to reset the password of any user.

Trust: 0.6

sources: CNVD: CNVD-2017-32763

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32763

AFFECTED PRODUCTS

vendor:

weifangtong information

model:

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2017-32763

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-32763
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-32763
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-32763

PATCH

title:

Bunker Fortress Logic Defect Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/103110

Trust: 0.6

sources: CNVD: CNVD-2017-32763

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-32763

Trust: 0.6

sources: CNVD: CNVD-2017-32763

SOURCES

db:

CNVD

id:

CNVD-2017-32763

LAST UPDATE DATE

2022-05-04T09:29:22.551000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-32763

date:

2017-11-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-32763

date:

2017-11-12T00:00:00