CVE-2017-10933

{"id": "CVE-2017-10933", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-10-19T21:29:00.453", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address."}, {"lang": "es", "value": "Todas las versiones anteriores a la V2.06.00.00 de ZTE ZXDT22 SF01, un sistema de monitorizaci\u00f3n de ZTE energy product, se ven afectadas por una vulnerabilidad de salto de directorio que permite que atacantes remotos lean archivos arbitrarios en el sistema mediante un nombre de ruta completo despu\u00e9s de la direcci\u00f3n del host."}], "lastModified": "2024-11-21T03:06:47.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxdt22_sf01_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0B856D-169F-4622-9271-BB738AE84961", "versionEndIncluding": "v2.06.00.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxdt22_sf01:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AF580C7-ADB1-4E89-8012-BB7652669EEC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}