Sign-up

ID

VAR-202112-1733


CVE

CVE-2021-21750


TITLE

ZXIN10 CMS  Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017510

DESCRIPTION

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. ZXIN10 CMS Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-21750 // JVNDB: JVNDB-2021-017510 // VULHUB: VHN-380154 // VULMON: CVE-2021-21750

AFFECTED PRODUCTS

vendor:ztemodel:zxin10 cmsscope:lteversion:3.01.01.04

Trust: 1.0

vendor:ztemodel:zxin10 cmsscope:eqversion: -

Trust: 0.8

vendor:ztemodel:zxin10 cmsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017510 // NVD: CVE-2021-21750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21750
value: HIGH

Trust: 1.0

NVD: CVE-2021-21750
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-2626
value: HIGH

Trust: 0.6

VULHUB: VHN-380154
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21750
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380154
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21750
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-21750
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380154 // JVNDB: JVNDB-2021-017510 // CNNVD: CNNVD-202112-2626 // NVD: CVE-2021-21750

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380154 // JVNDB: JVNDB-2021-017510 // NVD: CVE-2021-21750

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2626

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202112-2626

PATCH

title:Two Vulnerabilities in a ZTE BigVideo Analysis Producturl:https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884

Trust: 0.8

title:ZTE Big Video Analysis Product Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177140

Trust: 0.6

sources: JVNDB: JVNDB-2021-017510 // CNNVD: CNNVD-202112-2626

EXTERNAL IDS

db:NVDid:CVE-2021-21750

Trust: 3.4

db:ZTEid:1021884

Trust: 1.8

db:JVNDBid:JVNDB-2021-017510

Trust: 0.8

db:CNNVDid:CNNVD-202112-2626

Trust: 0.7

db:CNVDid:CNVD-2022-05439

Trust: 0.1

db:VULHUBid:VHN-380154

Trust: 0.1

db:VULMONid:CVE-2021-21750

Trust: 0.1

sources: VULHUB: VHN-380154 // VULMON: CVE-2021-21750 // JVNDB: JVNDB-2021-017510 // CNNVD: CNNVD-202112-2626 // NVD: CVE-2021-21750

REFERENCES

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1021884

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21750

Trust: 1.4

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380154 // VULMON: CVE-2021-21750 // JVNDB: JVNDB-2021-017510 // CNNVD: CNNVD-202112-2626 // NVD: CVE-2021-21750

SOURCES

db:VULHUBid:VHN-380154
db:VULMONid:CVE-2021-21750
db:JVNDBid:JVNDB-2021-017510
db:CNNVDid:CNNVD-202112-2626
db:NVDid:CVE-2021-21750

LAST UPDATE DATE

2024-08-14T14:02:53.413000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380154date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-21750date:2021-12-27T00:00:00
db:JVNDBid:JVNDB-2021-017510date:2023-01-24T05:04:00
db:CNNVDid:CNNVD-202112-2626date:2022-01-13T00:00:00
db:NVDid:CVE-2021-21750date:2022-01-12T13:25:37.223

SOURCES RELEASE DATE

db:VULHUBid:VHN-380154date:2021-12-27T00:00:00
db:VULMONid:CVE-2021-21750date:2021-12-27T00:00:00
db:JVNDBid:JVNDB-2021-017510date:2023-01-24T00:00:00
db:CNNVDid:CNNVD-202112-2626date:2021-12-27T00:00:00
db:NVDid:CVE-2021-21750date:2021-12-27T19:15:08.013