CVE-2021-20677 - OpenCVE

UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Necplatforms	Sl2100 Sl2100 Firmware Univerge Aspire Ux Univerge Aspire Ux Firmware Univerge Aspire Wx Univerge Aspire Wx Firmware Univerge Sv9100 Univerge Sv9100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:necplatforms:univerge_aspire_wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:necplatforms:univerge_aspire_wx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:necplatforms:univerge_aspire_ux_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:necplatforms:univerge_aspire_ux:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:necplatforms:univerge_sv9100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:necplatforms:univerge_sv9100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:necplatforms:sl2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:necplatforms:sl2100:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN12737530/index.html
https://www.necplatforms.co.jp/en/press/security_adv.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2021-03-26T08:50:26

Updated: 2024-08-03T17:45:45.461Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20677

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-26T09:15:11.950

Modified: 2021-04-02T12:27:34.727

Link: CVE-2021-20677

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "UNIVERGE Aspire series PBX", "vendor": "NEC Platforms, Ltd.", "versions": [{"status": "affected", "version": "UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00"}]}], "descriptions": [{"lang": "en", "value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command."}], "problemTypes": [{"descriptions": [{"description": "Denial-of-service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T08:50:26", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.necplatforms.co.jp/en/press/security_adv.html"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN12737530/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UNIVERGE Aspire series PBX", "version": {"version_data": [{"version_value": "UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00"}]}}]}, "vendor_name": "NEC Platforms, Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial-of-service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://www.necplatforms.co.jp/en/press/security_adv.html", "refsource": "MISC", "url": "https://www.necplatforms.co.jp/en/press/security_adv.html"}, {"name": "https://jvn.jp/en/jp/JVN12737530/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN12737530/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:45:45.461Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.necplatforms.co.jp/en/press/security_adv.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN12737530/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20677", "datePublished": "2021-03-26T08:50:26", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.461Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:necplatforms:univerge_aspire_wx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C1A17B4-9A99-4772-BEE5-D69D6B4B4BEE", "versionEndIncluding": "3.51", "versionStartIncluding": "1.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:necplatforms:univerge_aspire_wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "E57AF072-9F43-4F37-891B-1B68BA1D9C91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:necplatforms:univerge_aspire_ux_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE390008-23F2-44BD-863C-C574DD7A97E0", "versionEndIncluding": "9.70", "versionStartIncluding": "1.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:necplatforms:univerge_aspire_ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "A68A0CB3-7B3C-431D-A339-4CF1C5EBC0C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:necplatforms:univerge_sv9100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D611FCE0-8B1B-43C3-BBE9-E7FA6801F947", "versionEndIncluding": "10.70", "versionStartIncluding": "1.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:necplatforms:univerge_sv9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "38FE4F0F-5112-4214-A8E0-A4858F368C69", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:necplatforms:sl2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36778BAB-500F-444F-93F4-FBBE28ECDB40", "versionEndIncluding": "3.00", "versionStartIncluding": "1.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:necplatforms:sl2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "129B972F-8F69-48B8-B2A2-E3AD109EF05F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command."}, {"lang": "es", "value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX desde versiones 1.00 hasta 3.51, UNIVERGE Aspire UX desde versiones 1.00 hasta 9.70, UNIVERGE SV9100 desde versiones 1.00 hasta 10.70 y SL2100 desde versiones 1.00 hasta 3.00) permite a un atacante autenticado remoto causar la ca\u00edda del sistema y una denegaci\u00f3n de servicio ( DoS) mediante el env\u00edo de un comando especialmente dise\u00f1ado."}], "id": "CVE-2021-20677", "lastModified": "2021-04-02T12:27:34.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T09:15:11.950", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN12737530/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.necplatforms.co.jp/en/press/security_adv.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}