Details of VAR-202007-1516

ID

VAR-202007-1516

TITLE

New H3C Technology Co., Ltd. web network management system has an arbitrary file download vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-42682

DESCRIPTION

New H3C Technology Co., Ltd. is committed to becoming a trusted partner for customers' business innovation and digital transformation. The web network management system of New H3C Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files on the server and obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2020-42682

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-42682

AFFECTED PRODUCTS

vendor:

new h3c

model:

web network management system

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-42682

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-42682
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-42682
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-42682

PATCH

title:

H3C network management system products have arbitrary file download vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/220513

Trust: 0.6

sources: CNVD: CNVD-2020-42682

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-42682

Trust: 0.6

sources: CNVD: CNVD-2020-42682

SOURCES

db:

CNVD

id:

CNVD-2020-42682

LAST UPDATE DATE

2022-05-04T09:02:35.190000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-42682

date:

2020-07-30T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-42682

date:

2020-07-19T00:00:00