CVE-2020-6867

{"id": "CVE-2020-6867", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-04-30T22:15:12.247", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005."}, {"lang": "es", "value": "El controlador SDON de ZTE est\u00e1 afectado por una vulnerabilidad de error de administraci\u00f3n de los recursos. Cuando RPC es frecuentemente llamado por otras aplicaciones en el caso de datos de tr\u00e1fico masivo en el sistema, resultar\u00eda en no responder por un largo tiempo y un riesgo de desbordamiento de memoria. Esto afecta a: ZENIC ONE R22b versiones V16.19.10P02SP002 y V16.19.10P02SP005."}], "lastModified": "2024-11-21T05:36:19.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zenic_one_r22b:6.19.10p02sp005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5876A67-E2FB-4847-AD2F-0D013CE9ADDD"}, {"criteria": "cpe:2.3:a:zte:zenic_one_r22b:16.19.10p02sp002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C8E7293-C414-4694-B629-FD8AEC8F171F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@zte.com.cn"}