Details of VAR-202105-0590

ID

VAR-202105-0590

CVE

CVE-2021-21733

TITLE

ZXCDN Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007252

DESCRIPTION

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. ZXCDN Contains an information disclosure vulnerability.Information may be obtained. ZTE ZXCDN IAMWEB is an identity authentication product of China ZTE Corporation (ZTE)

Trust: 1.8

sources: NVD: CVE-2021-21733 // JVNDB: JVNDB-2021-007252 // VULHUB: VHN-380137 // VULMON: CVE-2021-21733

AFFECTED PRODUCTS

vendor:	zte	model:	zxcdn	scope:	lt	version:	iamv7.01.02.02	Trust: 1.0
vendor:	zte	model:	zxcdn	scope:	gte	version:	7.01	Trust: 1.0
vendor:	zte	model:	zxcdn	scope:	lte	version:	v7.01 from iamv7.01.01.02 until	Trust: 0.8
vendor:	zte	model:	zxcdn	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007252 // NVD: CVE-2021-21733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21733
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21733
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202105-1273
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380137
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21733
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-380137
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21733
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21733
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380137 // JVNDB: JVNDB-2021-007252 // CNNVD: CNNVD-202105-1273 // NVD: CVE-2021-21733

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380137 // JVNDB: JVNDB-2021-007252 // NVD: CVE-2021-21733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1273

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202105-1273

PATCH

title:	Information Leak Vulnerability in A ZTE Product	url:	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015304	Trust: 0.8
title:	ZXCDN Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152365	Trust: 0.6

sources: JVNDB: JVNDB-2021-007252 // CNNVD: CNNVD-202105-1273

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21733	Trust: 3.4
db:	ZTE	id:	1015304	Trust: 1.8
db:	JVNDB	id:	JVNDB-2021-007252	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1273	Trust: 0.7
db:	VULHUB	id:	VHN-380137	Trust: 0.1
db:	VULMON	id:	CVE-2021-21733	Trust: 0.1

sources: VULHUB: VHN-380137 // VULMON: CVE-2021-21733 // JVNDB: JVNDB-2021-007252 // CNNVD: CNNVD-202105-1273 // NVD: CVE-2021-21733

REFERENCES

url:	https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1015304	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21733	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380137 // VULMON: CVE-2021-21733 // JVNDB: JVNDB-2021-007252 // CNNVD: CNNVD-202105-1273 // NVD: CVE-2021-21733

SOURCES

db:	VULHUB	id:	VHN-380137
db:	VULMON	id:	CVE-2021-21733
db:	JVNDB	id:	JVNDB-2021-007252
db:	CNNVD	id:	CNNVD-202105-1273
db:	NVD	id:	CVE-2021-21733

LAST UPDATE DATE

2024-08-14T14:44:25.608000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380137	date:	2021-05-28T00:00:00
db:	VULMON	id:	CVE-2021-21733	date:	2021-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-007252	date:	2022-02-07T02:28:00
db:	CNNVD	id:	CNNVD-202105-1273	date:	2021-05-31T00:00:00
db:	NVD	id:	CVE-2021-21733	date:	2021-05-28T21:04:15.457

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380137	date:	2021-05-19T00:00:00
db:	VULMON	id:	CVE-2021-21733	date:	2021-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-007252	date:	2022-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202105-1273	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-21733	date:	2021-05-19T12:15:07.867