Details of VAR-202010-1629

ID

VAR-202010-1629

TITLE

Vertiv UPS management module FTP service arbitrary file modification vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-56108

DESCRIPTION

Vertiv Technology Co., Ltd. (Vertiv) was established in 2000. Weidi Technology Co., Ltd. designs, manufactures key infrastructure equipment and provides related services to ensure the sound operation of data centers, communication networks, commercial and industrial facilities, and provides power supply and distribution, thermal management and infrastructure management solutions for the mobile and cloud computing markets. An arbitrary file modification vulnerability in the FTP service of the Vertiv UPS management module allows an attacker to modify the root password in the /etc/passwd file through this vulnerability.

Trust: 0.6

sources: CNVD: CNVD-2020-56108

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-56108

AFFECTED PRODUCTS

vendor:

weidi

model:

ups

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-56108

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-56108
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-56108
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-56108

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-56108

Trust: 0.6

sources: CNVD: CNVD-2020-56108

SOURCES

db:

CNVD

id:

CNVD-2020-56108

LAST UPDATE DATE

2022-05-04T10:03:21.554000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-56108

date:

2020-10-14T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-56108

date:

2020-10-10T00:00:00