Search a vulnerability

All the vulnerabilites related to NEC Platforms, Ltd. - UNIVERGE WA Series

jvndb-2022-000016

Vulnerability from jvndb

Published

2022-03-10 14:31

Modified

2022-03-10 14:31

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

UNIVERGE WA Series vulnerable to OS command injection

Details

UNIVERGE WA Series provided by NEC Platforms, Ltd. contains an OS command injection vulnerability. Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability (CWE-78). NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN72801744/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-25621
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-25621
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	NEC Platforms, Ltd.	UNIVERGE WA Series

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000016.html",
  "dc:date": "2022-03-10T14:31+09:00",
  "dcterms:issued": "2022-03-10T14:31+09:00",
  "dcterms:modified": "2022-03-10T14:31+09:00",
  "description": "UNIVERGE WA Series provided by NEC Platforms, Ltd. contains an OS command injection vulnerability.\r\n\r\nRemote system maintenance feature of UNIVERGE WA series \"Local maintenance console/Remote maintenance console/Web based remote console maintenance\" contains an OS command injection vulnerability (CWE-78).\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000016.html",
  "sec:cpe": {
    "#text": "cpe:/a:necplatforms:univerge_wa_series",
    "@product": "UNIVERGE WA Series",
    "@vendor": "NEC Platforms, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000016",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN72801744/index.html",
      "@id": "JVN#72801744",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-25621",
      "@id": "CVE-2022-25621",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25621",
      "@id": "CVE-2022-25621",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "UNIVERGE WA Series vulnerable to OS command injection"
}