Vulnerability Description
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NEC | iSM Server | >= 5.1, < 12.1 |
| NEC | M120 | - |
| NEC | M12E | - |
| NEC | M320 | - |
| NEC | M320F | - |
Related Weaknesses (CWE)
References
- https://jpn.nec.com/security-info/secinfo/nv20-015.html (Vendor Advisory)
- https://jvn.jp/en/jp/JVN10100024/index.html (Third Party Advisory)
FAQ
What is CVE-2020-5684?
CVE-2020-5684 is a vulnerability with a CVSS score of 4.8 (MEDIUM). iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to e...
How severe is CVE-2020-5684?
CVE-2020-5684 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5684?
Check the references section above for vendor advisories and patch information. Affected products include: NEC iSM Server, NEC M120, NEC M12E, NEC M320, NEC M320F.