Details of VAR-202105-1579

ID

VAR-202105-1579

TITLE

Ruijie Networks ASME access shared management engine has logic flaws and vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-30855

DESCRIPTION

ASME Access Sharing Management Engine is an anti-agent product based on DPI application layer detection. Ruijie Networks’ ASME access shared management engine has logic flaws and vulnerabilities. The attacker can view and modify the returned packet by capturing the packet, fill in the password at will, and successfully log in to the background to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2021-30855

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-30855

AFFECTED PRODUCTS

vendor:

ruijie

model:

asme access shared management engine

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-30855

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-30855
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-30855
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-30855

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-30855

Trust: 0.6

sources: CNVD: CNVD-2021-30855

SOURCES

db:

CNVD

id:

CNVD-2021-30855

LAST UPDATE DATE

2022-05-04T10:03:09.842000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-30855

date:

2021-04-26T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-30855

date:

2021-05-30T00:00:00