CVE-2019-3431

EPSS 0.07%
Published 23.12.2019 19:15:11
Last modified 21.11.2024 04:42:05
Source psirt@zte.com.cn
Teams watchlist Login
Open Login

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Zte ≫ Zxcloud Goldendata Vap Version <= zxivs-vap-portal-xzgav4.01.01.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.187

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3431

EUVD