CVE-2021-21741

{"id": "CVE-2021-21741", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-08-30T18:15:08.107", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."}, {"lang": "es", "value": "Un sistema de administraci\u00f3n de conferencias de ZTE, est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n de comandos. Dado que el servicio de objetos java de soapmonitor est\u00e1 habilitado por defecto, el atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrario mediante el env\u00edo de una carga \u00fatil deserializada al puerto 5001."}], "lastModified": "2024-11-21T05:48:55.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.16.01u01.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "164F10FD-FD8A-470C-B0AC-04B253070FF5"}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.19.01u01.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA83CD1-309A-4E15-9395-EFB3976EC50E"}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.20.01u01.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2C3057A-C517-4FF9-B03F-A91DF8DF675D"}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.21.01.04:p01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65C1CF13-8E64-4231-BF21-6928C7189502"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxv10_m910:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A39F1727-2C52-4AC9-9AD1-D6D6D44CE7AE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}