Remote DoS Vulnerability in UNIVERGE Aspire PBX by NEC Corporation
CVE-2021-20677

3.1LOW

Key Information:

Vendor: Nec Platforms, Ltd.
Status: Univerge Aspire Series Pbx
Vendor: CVE Published:; 26 March 2021

🔔 Create Nec Platforms, Ltd. Vulnerability Alert

What is CVE-2021-20677?

The UNIVERGE Aspire series PBX by NEC Corporation is susceptible to a Denial of Service (DoS) attack due to a vulnerability that allows remote authenticated attackers to send specially crafted commands. This can lead to an unexpected system malfunction and potential downtime, impacting communication services. The affected models include Aspire WX, Aspire UX, SV9100, and SL2100 across various versions.

Affected Version(s)

UNIVERGE Aspire series PBX UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00

References

https://www.necplatforms.co.jp/en/press/security_adv.html

x_refsource_MISC

https://jvn.jp/en/jp/JVN12737530/index.html

x_refsource_MISC

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2021
Vulnerability Reserved
Dec 17, 2020

CVE-2021-20677 Data

JSON