Details of VAR-202004-2031

ID

VAR-202004-2031

CVE

CVE-2020-6865

TITLE

OSCP Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004828

DESCRIPTION

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.8

sources: NVD: CVE-2020-6865 // JVNDB: JVNDB-2020-004828 // VULHUB: VHN-184990 // VULMON: CVE-2020-6865

AFFECTED PRODUCTS

vendor:	zte	model:	oscp	scope:	eq	version:	16.19.10	Trust: 1.9
vendor:	zte	model:	oscp	scope:	eq	version:	16.19.20	Trust: 1.9

sources: VULMON: CVE-2020-6865 // JVNDB: JVNDB-2020-004828 // NVD: CVE-2020-6865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6865
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004828
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-2493
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-184990
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-6865
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-6865
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004828
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-184990
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-6865
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004828
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-184990 // VULMON: CVE-2020-6865 // JVNDB: JVNDB-2020-004828 // CNNVD: CNNVD-202004-2493 // NVD: CVE-2020-6865

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-184990 // JVNDB: JVNDB-2020-004828 // NVD: CVE-2020-6865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2493

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2493

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004828

PATCH

title:	Information Leak Vulnerability in a ZTE Product	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782	Trust: 0.8
title:	ZTE SDN controller platform Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117567	Trust: 0.6

sources: JVNDB: JVNDB-2020-004828 // CNNVD: CNNVD-202004-2493

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6865	Trust: 2.6
db:	ZTE	id:	1012782	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-004828	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2493	Trust: 0.7
db:	VULHUB	id:	VHN-184990	Trust: 0.1
db:	VULMON	id:	CVE-2020-6865	Trust: 0.1

sources: VULHUB: VHN-184990 // VULMON: CVE-2020-6865 // JVNDB: JVNDB-2020-004828 // CNNVD: CNNVD-202004-2493 // NVD: CVE-2020-6865

REFERENCES

url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012782	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6865	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6865	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181292	Trust: 0.1

sources: VULHUB: VHN-184990 // VULMON: CVE-2020-6865 // JVNDB: JVNDB-2020-004828 // CNNVD: CNNVD-202004-2493 // NVD: CVE-2020-6865

SOURCES

db:	VULHUB	id:	VHN-184990
db:	VULMON	id:	CVE-2020-6865
db:	JVNDB	id:	JVNDB-2020-004828
db:	CNNVD	id:	CNNVD-202004-2493
db:	NVD	id:	CVE-2020-6865

LAST UPDATE DATE

2024-11-23T22:25:31.662000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-184990	date:	2020-05-05T00:00:00
db:	VULMON	id:	CVE-2020-6865	date:	2020-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-004828	date:	2020-05-28T00:00:00
db:	CNNVD	id:	CNNVD-202004-2493	date:	2021-07-13T00:00:00
db:	NVD	id:	CVE-2020-6865	date:	2024-11-21T05:36:19.237

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-184990	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2020-6865	date:	2020-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-004828	date:	2020-05-28T00:00:00
db:	CNNVD	id:	CNNVD-202004-2493	date:	2020-04-30T00:00:00
db:	NVD	id:	CVE-2020-6865	date:	2020-04-30T22:15:12.150