Vulnerability Description
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nec | Univerge Sv9500 Firmware | >= v1, <= v7 |
| Nec | Univerge Sv9500 | - |
| Nec | Univerge Sv8500 Firmware | >= s6, <= s8 |
| Nec | Univerge Sv8500 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN38784555/index.htmlThird Party Advisory
- https://www.necplatforms.co.jp/en/press/security_adv.htmlVendor Advisory
- https://jvn.jp/en/jp/JVN38784555/index.htmlThird Party Advisory
- https://www.necplatforms.co.jp/en/press/security_adv.htmlVendor Advisory
FAQ
What is CVE-2020-5686?
CVE-2020-5686 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and...
How severe is CVE-2020-5686?
CVE-2020-5686 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5686?
Check the references section above for vendor advisories and patch information. Affected products include: Nec Univerge Sv9500 Firmware, Nec Univerge Sv9500, Nec Univerge Sv8500 Firmware, Nec Univerge Sv8500.