Details of VAR-201802-1414

ID

VAR-201802-1414

TITLE

Lenovo firewall has weak password and remote command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01059

DESCRIPTION

LFW800E is a gigabit intelligent firewall developed by Lenovo Tiangong Networks for network security applications of medium-sized enterprises. Lenovo Firewall has weak passwords and remote command execution vulnerabilities. Attackers can use this vulnerability to successfully log in to the system, obtain sensitive information, upload webshells, and obtain server permissions.

Trust: 0.6

sources: CNVD: CNVD-2018-01059

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01059

AFFECTED PRODUCTS

vendor:

lenovo tiangong network

model:

lfw800e firewall

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-01059

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-01059
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-01059
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-01059

PATCH

title:

Lenovo firewall has weak passwords and command execution vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/112343

Trust: 0.6

sources: CNVD: CNVD-2018-01059

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-01059

Trust: 0.6

sources: CNVD: CNVD-2018-01059

SOURCES

db:

CNVD

id:

CNVD-2018-01059

LAST UPDATE DATE

2022-05-04T09:17:08.567000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-01059

date:

2018-02-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-01059

date:

2018-02-14T00:00:00