CVE-2021-21724

{"id": "CVE-2021-21724", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2021-02-26T03:15:12.963", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1."}, {"lang": "es", "value": "Un producto ZTE presenta una vulnerabilidad de p\u00e9rdida de la memoria. Debido al manejo inapropiado de liberaci\u00f3n de la memoria del producto en determinados escenarios, un atacante local con permisos de dispositivo atenu\u00f3 repetidamente la se\u00f1al \u00f3ptica para causar p\u00e9rdida de la memoria y un servicio anormal. Esto afecta a: ZXR10 8900E, todas las versiones hasta V3.03.20R2B30P1"}], "lastModified": "2024-11-21T05:48:53.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxr10_8900e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C146C38-AD84-44EE-BE6D-B70B0727DA35", "versionEndIncluding": "3.03.20r2b30p1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxr10_8900e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5526FC8B-9FB3-4618-BEEC-724210483383"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}