Permission And Access Control Vulnerability in ZTE OTCP

Original release date: September 9, 2022

 

CVE ID: CVE-2022-23143

CNNVD ID: CNNVD-202209-488

 

CVSS 3.1 Base Score

4.7 Medium (AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)

 

Description

The ZTE OTCP product is affected by a permission and access control vulnerability. Because of improper permission settings, an attacker with high privileges could exploit this vulnerability to maliciously delete and modify files.

 

Affected Products and Fixes

Product Name    Affected Version    Resolved Version
OTCP            V2.21.40.06RC1      V2.21.40.06

 

Source

The vulnerability was found through ZTE's internal testing.

 

Update Records

September 9, 2022, initial.

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html