Sign-up

ID

VAR-202006-1899


TITLE

EPX3000 configuration management system has arbitrary file download vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-30161

DESCRIPTION

The EPX3000 series is a high-performance multimedia communication switching equipment, which is mainly suitable for various enterprise multimedia communication business applications. The EPX3000 configuration management system has an arbitrary file download vulnerability, which can be exploited by an attacker to download arbitrary files.

Trust: 0.6

sources: CNVD: CNVD-2020-30161

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30161

AFFECTED PRODUCTS

vendor:yunyi communicationmodel:epx3000 configuration management systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-30161

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-30161
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-30161
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-30161

PATCH

title:EPX3000 configuration management system has arbitrary file download vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/217811

Trust: 0.6

sources: CNVD: CNVD-2020-30161

EXTERNAL IDS

db:CNVDid:CNVD-2020-30161

Trust: 0.6

sources: CNVD: CNVD-2020-30161

SOURCES

db:CNVDid:CNVD-2020-30161

LAST UPDATE DATE

2022-05-04T10:10:55.587000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-30161date:2020-05-28T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-30161date:2020-06-29T00:00:00