Details of VAR-201802-1413

ID

VAR-201802-1413

TITLE

Zhongke Gateway ANYSEC Security Gateway Has Default Password and Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-00863

DESCRIPTION

ANYSEC-M6100 is a standard 1U rackmount VPN secure access gateway. There are default passwords and remote command execution vulnerabilities in the China Netcom ANYSEC security gateway, allowing attackers to log in to the background, construct specific code, execute commands remotely, write to a webshell, and obtain server permissions.

Trust: 0.6

sources: CNVD: CNVD-2018-00863

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00863

AFFECTED PRODUCTS

vendor:

zhongke wangwei information

model:

anysec-m6100

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-00863

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00863
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-00863
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00863

PATCH

title:

Zhongke Gateway Anysec Security Gateway Has Default Password and Command Execution Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/112353

Trust: 0.6

sources: CNVD: CNVD-2018-00863

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00863

Trust: 0.6

sources: CNVD: CNVD-2018-00863

SOURCES

db:

CNVD

id:

CNVD-2018-00863

LAST UPDATE DATE

2022-05-04T10:00:49.483000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00863

date:

2018-01-15T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00863

date:

2018-02-14T00:00:00