Details of VAR-202101-2005

ID

VAR-202101-2005

TITLE

An arbitrary file download vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2020-68692

DESCRIPTION

The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system. The UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files.

Trust: 0.6

sources: CNVD: CNVD-2020-68692

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-68692

AFFECTED PRODUCTS

vendor:

zhongchuang video

model:

ucm collaborative communication platform

scope:

version:

2.*

Trust: 0.6

sources: CNVD: CNVD-2020-68692

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-68692
value:	LOW
Trust: 0.6

CNVD:	CNVD-2020-68692
severity:	LOW
baseScore:	2.1
vectorString:	AV:N/AC:H/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-68692

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-68692

Trust: 0.6

sources: CNVD: CNVD-2020-68692

SOURCES

db:

CNVD

id:

CNVD-2020-68692

LAST UPDATE DATE

2022-05-04T09:32:35.181000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-68692

date:

2020-12-03T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-68692

date:

2021-01-03T00:00:00