Published:2021/01/04  Last Updated:2021/01/04

JVN#38784555
Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Overview

UNIVERGE SV9500/SV8500 series provided by NEC Platforms, Ltd. contain multiple vulnerabilities.

Products Affected

  • UNIVERGE SV9500 series from V1 to V7
  • UNIVERGE SV8500 series from S6 to S8

Description

Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78) - CVE-2020-5685
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 9.6
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
  • Incorrect Implementation of Authentication Algorithm (CWE-303) - CVE-2020-5686
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Base Score: 7.6
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8

Impact

  • If an attacker who can access the device sends a specially crafted request to a specific URL, an arbitrary command may be executed or a denial-of-service (DoS) condition may be caused - CVE-2020-5685
  • If an attacker who can access the device sends a specially crafted request to a specific URL, the remote system maintenance feature may be accessed illegally and information may be disclosed - CVE-2020-5686

Solution

Update the Software
Update to the software according to the information provided by the developer.
Contact your product dealer for details of the update.

Apply the workarounds
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

  • Do not directly connect the products to an external network such as the Internet.
  • Explicitly create an access rule based on source IP addresses/destination IP addresses/port numbers for network connection to the products.

Vendor Status

Vendor Status Last Update Vendor Notes
NEC Platforms, Ltd. Vulnerable 2021/01/04

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

NEC Platforms, Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5685
CVE-2020-5686
JVN iPedia JVNDB-2021-000001