Information Leak Vulnerability in a ZTE Product

Original Release Date:  April 17, 2020 

 

CVE ID

CVE-2020-6865

 

CVSS 3.1 Base Score

4.1 Medium AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

 

Description

The ZTE SDN controller platform is affected by an information leakage vulnerability. Because the program does not properly handle the response it returns when a request fails, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information.

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
OSCP | V16.19.10, V16.19.20 | V16.19.30

 
Source

The vulnerability was found by ZTE's internal test.

 

Update Records

April 17, 2020, initial. 

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
