CVE-2021-44746

{"id": "CVE-2021-44746", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-02-01T15:15:07.960", "references": [{"url": "https://www.necplatforms.co.jp/en/product/security_adv/211217.html", "tags": ["Vendor Advisory"], "source": "psirt-info@cyber.jp.nec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained."}, {"lang": "es", "value": "UNIVERGE DT 820 versiones V3.2.7.0 y anteriores, UNIVERGE DT 830 versiones V5.2.7.0 y anteriores, UNIVERGE DT 930 versiones V2.4.0.0 y anteriores, IP Phone Manager versiones V8.9.1 y anteriores, Data Maintenance Tool for DT900 Series versiones V5.3.0.0 y anteriores, Data Maintenance Tool for DT800 Series versiones V4.2.0.0 y anteriores permiten que un atacante remoto que pueda acceder a la red interna, pueda obtener la informaci\u00f3n de configuraci\u00f3n"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21C737B4-8BBD-4778-B5DC-2711BF8B81D7", "versionEndIncluding": "5.2.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD6A37BD-F29F-486A-B720-8A0FE0D649FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt820_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDCC5D81-2C29-424A-9436-89F39FBDE2BC", "versionEndIncluding": "3.2.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA101E60-B52E-4968-B012-903086A152CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:univerge_dt930_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D2920E-101A-4209-9AF3-7BDD3A006FFC", "versionEndIncluding": "2.4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:univerge_dt930:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FC3A718-D46C-400F-93CE-BEE0E8C0FE6F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_dt900_data_maintenance_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E42A84-0201-43E6-977F-8439195E1D26", "versionEndIncluding": "5.3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_dt800_data_maintenance_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30375D6-06E6-4837-8738-647EDE37FEBD", "versionEndIncluding": "4.2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nec:univerge_ip_phone_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8052BA2-3EE8-42A4-B448-922DB349B2C3", "versionEndIncluding": "8.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com"}