Original release date: 21 November, 2019

CVE ID
CVE-2019-3427
CVE-2019-3428

CVSS 3.0 Base Score
CVE-2019-3427: 6.6 Medium (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
CVE-2019-3428: 6.5 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Description
CVE-2019-3427: The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.
CVE-2019-3428: The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.

Affected Products and Fixes
| Product Name | Affected Version | Resolved Version |
| --- | --- | --- |
| ZXCDN IAMWEB | V6.01.03.01 | V6.01.04.01 |

Source
The vulnerabilities were found by ZTE internal testing.

Update Records
21 November, 2019, initial.

Supporting team contacts
1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118
2. Product forum at ZTE Support website.

ZTE PSIRT
If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.