Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2020-5684
Analyzed
More InfoOfficial Page
Source-vultures@jpcert.or.jp
View Known Exploited Vulnerability (KEV) details
Published At-24 Dec, 2020 | 02:15
Updated At-28 Dec, 2020 | 18:25

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
NEC Corporation
nec
>>ism_server>>Versions from 5.1(inclusive) to 12.1(exclusive)
cpe:2.3:a:nec:ism_server:*:*:*:*:*:*:*:*
NEC Corporation
nec
>>m120>>-
cpe:2.3:h:nec:m120:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>m12e>>-
cpe:2.3:h:nec:m12e:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>m320>>-
cpe:2.3:h:nec:m320:-:*:*:*:*:*:*:*
NEC Corporation
nec
>>m320f>>-
cpe:2.3:h:nec:m320f:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-295Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jpn.nec.com/security-info/secinfo/nv20-015.htmlvultures@jpcert.or.jp
Vendor Advisory
https://jvn.jp/en/jp/JVN10100024/index.htmlvultures@jpcert.or.jp
Third Party Advisory
Change History
0Changes found
Details not found