Published:2021/12/17  Last Updated:2021/12/17

JVN#13464252
UNIVERGE DT Series vulnerable to missing encryption of sensitive data

Overview

UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers (IP Phone Manager and Data Maintenance Tool) provided by NEC Platforms, Ltd. contain a missing encryption vulnerability.

Products Affected

  • UNIVERGE IP Phone DT900 Series (DT930)
    • Japanese model
      • ITK-12CG-1D(WH/BK)TEL V2.4.0.0 and prior
      • ITK-24CG-1D(WH/BK)TEL V2.4.0.0 and prior
      • ITK-32CG-1D(WH)TEL V2.4.0.0 and prior
      • ITK-32TCG-1D(WH/BK)TEL V2.4.0.0 and prior
    • North American model
      • ITK-24CG-1(WH/BK)TEL V2.4.0.0 and prior
      • ITK-8TCGX-1(BK)TEL V2.4.0.0 and prior
    • Australian model
      • ITK-24CG-1A(BK)TEL V2.4.0.0 and prior
      • ITK-32TCG-1A(BK)TEL V2.4.0.0 and prior
    • Europe model (EMEA/Asia)
      • ITK-24CG-1P(WH/BK)TEL V2.4.0.0 and prior
      • ITK-8TCGX-1P(BK)TEL V2.4.0.0 and prior
      • ITK-32TCGX-1P(BK)TEL V2.4.0.0 and prior
    • Chinese model
      • ITK-24CG-1U(WH/BK)TEL V2.4.0.0 and prior
  • UNIVERGE IP Phone DT900 Series (DT920)
    • Japanese model
      • ITK-6DG-1D(WH/BK)TEL V2.4.0.0 and prior
      • ITK-12DG-1D(WH)TEL(R) V2.4.0.0 and prior
      • ITK-32LCG-1D(WH/BK)TEL V2.4.0.0 and prior
    • North American model
      • ITK-6D-1(BK)TEL V2.4.0.0 and prior
      • ITK-12D-1(BK)TEL V2.4.0.0 and prior
      • ITK-8LCX-1(BK)TEL V2.4.0.0 and prior
    • Australian model
      • ITK-6DG-1A(BK)TEL V2.4.0.0 and prior
      • ITK-32LCG-1A(BK)TEL V2.4.0.0 and prior
    • Europe model (EMEA/Asia)
      • ITK-6D-1P(BK)TEL V2.4.0.0 and prior
      • ITK-6DG-1P(BK)TEL V2.4.0.0 and prior
      • ITK-12D-1P(BK)TEL V2.4.0.0 and prior
      • ITK-12DG-1P(BK)TEL V2.4.0.0 and prior
      • ITK-8LCX-1P(BK)TEL V2.4.0.0 and prior
      • ITK-8LCG-1P(BK)TEL V2.4.0.0 and prior
      • ITK-32LCG-1P(BK)TEL V2.4.0.0 and prior
    • Chinese model
      • ITK-6D-1U(BK)TEL V2.4.0.0 and prior
      • ITK-6DG-1U(BK)TEL V2.4.0.0 and prior
      • ITK-12D-1U(BK)TEL V2.4.0.0 and prior
      • ITK-12DG-1U(BK)TEL V2.4.0.0 and prior
  • UNIVERGE IP Phone DT800 Series (DT830)
    • Japanese model
      • ITZ-12D-1D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24D-1D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-32D-1D(WH)TEL V5.2.7.0 and prior
      • ITZ-24PA-1D(WH)TEL V5.2.7.0 and prior
      • ITZ-24PD-1D(WH)TEL V5.2.7.0 and prior
      • ITZ-12D-2D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24D-2D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-32D-2D(WH)TEL V5.2.7.0 and prior
      • ITZ-24PA-2D(WH)TEL V5.2.7.0 and prior
      • ITZ-24PD-2D(WH)TEL V5.2.7.0 and prior
      • ITZ-24DG-2D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24CG-2D(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24PAG-2D(WH)TEL V5.2.7.0 and prior
      • ITZ-24PDG-2D(WH)TEL V5.2.7.0 and prior
      • ITZ-32DLK-2D(WH)TEL V5.2.7.0 and prior
    • North American model
      • ITZ-12D-3(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24D-3(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-8LD-3(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-8LDG-3(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-12DG-3(BK)TEL V5.2.7.0 and prior
      • ITZ-12CG-3(BK)TEL V5.2.7.0 and prior
    • Australian model
      • ITZ-24D-3A(BK)TEL V5.2.7.0 and prior
      • ITZ-8LDG-3A(BK)TEL V5.2.7.0 and prior
      • ITZ-24DG-3A(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24CG-3A(BK)TEL V5.2.7.0 and prior
    • Europe model (EMEA/Asia)
      • ITZ-12D-3P(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-24D-3P(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-8LDG-3P(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-12DG-3P(WH/BK)TEL V5.2.7.0 and prior
      • ITZ-12CG-3P(WH/BK)TEL V5.2.7.0 and prior
    • Chinese model
      • ITZ-12D-3P(WH/BK)TEL for China V5.2.7.0 and prior
      • ITZ-24D-3P(WH/BK)TEL for China V5.2.7.0 and prior
      • ITZ-8LDG-3P(WH/BK)TEL for China V5.2.7.0 and prior
      • ITZ-12DG-3P(WH/BK)TEL for China V5.2.7.0 and prior
      • ITZ-12CG-3P(WH/BK)TEL for China V5.2.7.0 and prior
  • UNIVERGE IP Phone DT800 Series (DT820)
    • North American model
      • ITY-6D-1(BK)TEL V3.2.7.0 and prior
      • ITY-8LDX-1(BK)TEL V3.2.7.0 and prior
      • ITY-8LDX-1(BK)TEL (OpEx) V3.2.7.0 and prior
      • ITY-8LCGX-1(BK)TEL V3.2.7.0 and prior
    • Australian model
      • ITY-6DG-1A(BK)TEL V3.2.7.0 and prior
    • Europe model (EMEA/Asia)
      • ITY-6D-1P(BK)TEL V3.2.7.0 and prior
      • ITY-6DG-1P(BK)TEL V3.2.7.0 and prior
      • ITY-8LDX-1P(BK)TEL V3.2.7.0 and prior
      • ITY-32LDG-1P(BK)TEL V3.2.7.0 and prior
      • ITY-8LCGX-1P(BK)TEL V3.2.7.0 and prior
      • ITY-32LCG-1P(BK)TEL V3.2.7.0 and prior
    • Chinese model
      • ITY-6D-1P(BK)TEL for China V3.2.7.0 and prior
      • ITY-6DG-1P(BK)TEL for China V3.2.7.0 and prior
      • ITY-8LDX-1P(BK)TEL for China V3.2.7.0 and prior
      • ITY-32LDG-1P(BK)TEL for China V3.2.7.0 and prior
      • ITY-8LCGX-1P(BK)TEL for China V3.2.7.0 and prior
      • ITY-32LCG-1P(BK)TEL for China V3.2.7.0 and prior
  • Other (PC tools for DT Series maintainers)
    • IP Phone Manager V8.9.1 and prior
    • Data Maintenance Tool for DT900 Series V5.3.0.0 and prior
    • Data Maintenance Tool for DT800 Series V4.2.0.0 and prior

Description

UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers (IP Phone Manager and Data Maintenance Tool) provided by NEC Platforms, Ltd. contain a missing encryption vulnerability (CWE-311).

Impact

An attacker who can reach the internal network on which the product is deployed and who captures packets while IP Phone Manager or Data Maintenance Tool is in use may obtain the phone configuration information. The obtained configuration information may in turn be abused to alter the phone configuration, which may render the IP Phones unusable. Note that the CVSS vectors assigned by JPCERT/CC below score only the confidentiality impact (C:L, I:N, A:N).

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Apply Workarounds
The following workarounds may mitigate the impact of this vulnerability.

  • Operate and manage the internal network properly so that packets cannot be captured by unauthorized parties
  • Manage the purpose of use and the usage records properly so that IP Phone Manager and Data Maintenance Tool are not used beyond maintenance purposes
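One way to check whether maintenance traffic on your segment is actually still in the clear, before patching or to confirm that the update took effect, as an added example that is not part of this advisory or of NEC's tools: the advisory does not document the DT Series maintenance protocol, so the script does not parse it. It classifies captured payloads by byte statistics (Shannon entropy and printable ratio), which is enough to tell cleartext configuration apart from encrypted data regardless of protocol. The host addresses, the flow tuples and the key=value configuration blob are constructed for illustration and are not the real DT Series format; the thresholds are heuristics. Extracting real payloads from a pcap (for example with tshark or scapy) is left to the reader.

```python
"""Heuristic cleartext-vs-encrypted check for captured maintenance traffic.

Added example, not from the JVN advisory or NEC's tooling. The DT Series
maintenance protocol is not documented in the advisory, so nothing here
parses it; payloads are classified purely by byte statistics.
"""
import hashlib
import math
import string
from collections import Counter

PRINTABLE = set(string.printable.encode())


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0) of a byte string."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (incl. whitespace)."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def classify_payload(data: bytes, min_len: int = 64) -> str:
    """Return 'cleartext', 'encrypted' or 'unknown' for one TCP/UDP payload.

    Thresholds are heuristics (assumption): encrypted or compressed data sits
    near 8 bits/byte and is mostly non-printable; configuration text sits well
    below that and is mostly printable. Payloads shorter than min_len are not
    classified, because the statistics are unreliable on a few bytes.
    """
    if len(data) < min_len:
        return "unknown"
    h = shannon_entropy(data)
    p = printable_ratio(data)
    if p >= 0.9 and h < 6.0:
        return "cleartext"
    if h > 7.0 and p < 0.5:
        return "encrypted"
    return "unknown"


def audit_flows(flows, maintenance_host: str):
    """Flag cleartext payloads to or from the maintenance PC.

    flows: iterable of (src_ip, dst_ip, payload_bytes).
    Returns a list of (src_ip, dst_ip, verdict) for flows that touch
    maintenance_host and whose payload looks like cleartext.
    """
    findings = []
    for src, dst, payload in flows:
        if maintenance_host not in (src, dst):
            continue
        if classify_payload(payload) == "cleartext":
            findings.append((src, dst, "cleartext"))
    return findings


def _pseudo_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for encrypted bytes (SHA-256 counter chain)."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


# Constructed sample payloads. The key names are invented for illustration
# and are not the real DT Series configuration format.
SAMPLE_CLEARTEXT = (
    b"PHONE_NAME=ext-2101\r\nSIP_SERVER=10.10.0.5\r\nSIP_PORT=5060\r\n"
    b"VLAN_ID=200\r\nADMIN_PASSWORD=changeme\r\nAUTO_PROVISION=1\r\n"
    b"NTP_SERVER=10.10.0.1\r\nLLDP=1\r\nTFTP_SERVER=10.10.0.9\r\n"
)
SAMPLE_ENCRYPTED = _pseudo_ciphertext(1024)

# Constructed flows: maintenance PC 10.10.0.50 talking to two phones, plus
# one unrelated flow that the audit must ignore.
SAMPLE_FLOWS = [
    ("10.10.0.50", "10.10.1.21", SAMPLE_CLEARTEXT),
    ("10.10.0.50", "10.10.1.22", SAMPLE_ENCRYPTED),
    ("10.10.2.7", "10.10.1.21", SAMPLE_CLEARTEXT),
]

if __name__ == "__main__":
    for src, dst, verdict in audit_flows(SAMPLE_FLOWS, "10.10.0.50"):
        print(f"{src} -> {dst}: {verdict}")
```

Run it against payloads captured during a real IP Phone Manager or Data Maintenance Tool session, filtered to the maintenance PC's address; any "cleartext" finding after the update means the session is still unprotected and the network-level workaround above still applies.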

Vendor Status

Vendor           Status      Last Update  Vendor Notes
NEC Corporation  Vulnerable  2021/12/17

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3  CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 3.1
  Attack Vector (AV): Adjacent (A)
  Attack Complexity (AC): High (H)
  Privileges Required (PR): None (N)
  User Interaction (UI): None (N)
  Scope (S): Unchanged (U)
  Confidentiality Impact (C): Low (L)
  Integrity Impact (I): None (N)
  Availability Impact (A): None (N)
CVSS v2  AV:A/AC:H/Au:N/C:P/I:N/A:N
Base Score: 1.8
  Access Vector (AV): Adjacent Network (A)
  Access Complexity (AC): High (H)
  Authentication (Au): None (N)
  Confidentiality Impact (C): Partial (P)
  Integrity Impact (I): None (N)
  Availability Impact (A): None (N)

Credit

NEC Platforms, Ltd. reported this vulnerability to IPA in order to notify users of the solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2021-44746
JVN iPedia: JVNDB-2021-000110