Three Vulnerabilities in ZTE ZXCLOUD GoldenData VAP Product

Original release date: 18 December, 2019

 

CVE ID

CVE-2019-3429

CVE-2019-3430

CVE-2019-3431

 

CVSS 3.0 Base Score

CVE-2019-3429: 3.7 Low (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVE-2019-3430: 2.7 Low (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVE-2019-3431: 5.7 Medium (AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

 

Description

CVE-2019-3429: All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.

CVE-2019-3430: All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.

CVE-2019-3431: All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an encryption vulnerability. Attackers could sniff the unencrypted account and password for front-end system access through the network.

 

Affected Products and Fixes

Product Name: ZXCLOUD GoldenData VAP

Affected Version: All versions up to ZXIVS-VAP-PORTAL-XZGAV4.01.01.02

Resolved Version: ZXIVS-VAP-PORTAL-XZGA V4.02.07

 

Source

The vulnerabilities were found by ZTE internal testing.

 

Update Records

18 December, 2019, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
