ID

VAR-202004-2033


CVE

CVE-2020-6867


TITLE

Resource exhaustion vulnerability in ZENIC ONE R22b

Trust: 0.8

sources: JVNDB: JVNDB-2020-004830

DESCRIPTION

ZTE's SDON controller is affected by a resource management error vulnerability. When RPC is called frequently by other applications while the system holds a large volume of traffic data, the controller may stop responding for a long time and is at risk of memory overflow. This affects ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005. ZENIC ONE R22b contains a resource exhaustion vulnerability and may be put into a service operation interruption (DoS) state. ZTE ZENIC ONE R22b is a network SDN (software-defined network) intelligent management and control system from China's ZTE Corporation (ZTE). The system includes functions such as network management, network control, and network information collection and analysis. A local attacker can use RPC to exploit this vulnerability to cause a denial of service.

Trust: 1.8

sources: NVD: CVE-2020-6867 // JVNDB: JVNDB-2020-004830 // VULHUB: VHN-184992 // VULMON: CVE-2020-6867

AFFECTED PRODUCTS

vendor: zte, model: zenic one r22b, scope: eq, version: 16.19.10p02sp002

Trust: 1.9

vendor: zte, model: zenic one r22b, scope: eq, version: 6.19.10p02sp005

Trust: 1.1

vendor: zte, model: zenic one r22b, scope: eq, version: 16.19.10p02sp005

Trust: 0.8

sources: VULMON: CVE-2020-6867 // JVNDB: JVNDB-2020-004830 // NVD: CVE-2020-6867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6867
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004830
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-2495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184992
value: LOW

Trust: 0.1

VULMON: CVE-2020-6867
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6867
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004830
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184992
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6867
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004830
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184992 // VULMON: CVE-2020-6867 // JVNDB: JVNDB-2020-004830 // CNNVD: CNNVD-202004-2495 // NVD: CVE-2020-6867

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-184992 // JVNDB: JVNDB-2020-004830 // NVD: CVE-2020-6867

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2495

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2495

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004830

PATCH

title: Resource Management Error Vulnerability in a ZTE Product
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842

Trust: 0.8

title: ZTE ZENIC ONE R22b Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118109

Trust: 0.6

sources: JVNDB: JVNDB-2020-004830 // CNNVD: CNNVD-202004-2495

EXTERNAL IDS

db: NVD, id: CVE-2020-6867

Trust: 2.6

db: ZTE, id: 1012842

Trust: 1.8

db: JVNDB, id: JVNDB-2020-004830

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2495

Trust: 0.7

db: VULHUB, id: VHN-184992

Trust: 0.1

db: VULMON, id: CVE-2020-6867

Trust: 0.1

sources: VULHUB: VHN-184992 // VULMON: CVE-2020-6867 // JVNDB: JVNDB-2020-004830 // CNNVD: CNNVD-202004-2495 // NVD: CVE-2020-6867

REFERENCES

url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012842

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-6867

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6867

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181290

Trust: 0.1

sources: VULHUB: VHN-184992 // VULMON: CVE-2020-6867 // JVNDB: JVNDB-2020-004830 // CNNVD: CNNVD-202004-2495 // NVD: CVE-2020-6867

SOURCES

db: VULHUB, id: VHN-184992
db: VULMON, id: CVE-2020-6867
db: JVNDB, id: JVNDB-2020-004830
db: CNNVD, id: CNNVD-202004-2495
db: NVD, id: CVE-2020-6867

LAST UPDATE DATE

2024-11-23T23:11:26.428000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184992, date: 2022-07-12T00:00:00
db: VULMON, id: CVE-2020-6867, date: 2020-05-06T00:00:00
db: JVNDB, id: JVNDB-2020-004830, date: 2020-05-28T00:00:00
db: CNNVD, id: CNNVD-202004-2495, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-6867, date: 2024-11-21T05:36:19.420

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184992, date: 2020-04-30T00:00:00
db: VULMON, id: CVE-2020-6867, date: 2020-04-30T00:00:00
db: JVNDB, id: JVNDB-2020-004830, date: 2020-05-28T00:00:00
db: CNNVD, id: CNNVD-202004-2495, date: 2020-04-30T00:00:00
db: NVD, id: CVE-2020-6867, date: 2020-04-30T22:15:12.247