CVE-2022-23141 (GCVE-0-2022-23141)

Vulnerability from cvelistv5 – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36
VLAI?
Summary
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
  • information leak
Assigner
zte
References
Impacted products
Vendor Product Version
n/a ZXMP M721 Affected: COMMOND21BOOTV100004_LS1045
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZXMP M721",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "COMMOND21BOOTV100004_LS1045"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-15T14:44:50",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2022-23141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZXMP M721",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "COMMOND21BOOTV100004_LS1045"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
              "refsource": "MISC",
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2022-23141",
    "datePublished": "2022-07-15T14:44:50",
    "dateReserved": "2022-01-11T00:00:00",
    "dateUpdated": "2024-08-03T03:36:19.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB41C198-1156-4112-96C5-AC9B1026B46B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEC586E9-E8FA-4988-8CD0-334A1F73BC61\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.\"}, {\"lang\": \"es\", \"value\": \"ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\\u00f3n. Dado que la autenticaci\\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\\u00e9 habilitada, un atacante podr\\u00eda usar esta vulnerabilidad para iniciar sesi\\u00f3n en el dispositivo y obtener informaci\\u00f3n confidencial\"}]",
      "id": "CVE-2022-23141",
      "lastModified": "2024-11-21T06:48:05.130",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-07-15T15:15:08.097",
      "references": "[{\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\", \"source\": \"psirt@zte.com.cn\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@zte.com.cn",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23141\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2022-07-15T15:15:08.097\",\"lastModified\":\"2024-11-21T06:48:05.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.\"},{\"lang\":\"es\",\"value\":\"ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\u00f3n. Dado que la autenticaci\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\u00e9 habilitada, un atacante podr\u00eda usar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo y obtener informaci\u00f3n confidencial\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB41C198-1156-4112-96C5-AC9B1026B46B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC586E9-E8FA-4988-8CD0-334A1F73BC61\"}]}]}],\"references\":[{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.