Sign-up

ID

VAR-202010-0306


CVE

CVE-2020-14788


TITLE

Oracle Communications of Oracle Communications Diameter Signaling Router In User Interface Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-009892

DESCRIPTION

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Trust: 2.34

sources: NVD: CVE-2020-14788 // JVNDB: JVNDB-2020-009892 // CNVD: CNVD-2020-61044 // VULHUB: VHN-167701 // VULMON: CVE-2020-14788

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-61044

AFFECTED PRODUCTS

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.4.0.5

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.0.0.0 から 8.4.0.5

Trust: 0.8

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0,<=8.4.0.5

Trust: 0.6

sources: CNVD: CNVD-2020-61044 // JVNDB: JVNDB-2020-009892 // NVD: CVE-2020-14788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14788
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2020-14788
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009892
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-61044
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-1050
value: MEDIUM

Trust: 0.6

VULHUB: VHN-167701
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-14788
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14788
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009892
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-61044
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-167701
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2020-14788
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009892
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-61044 // VULHUB: VHN-167701 // VULMON: CVE-2020-14788 // JVNDB: JVNDB-2020-009892 // CNNVD: CNNVD-202010-1050 // NVD: CVE-2020-14788 // NVD: CVE-2020-14788

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-14788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1050

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1050

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009892

PATCH
title:Oracle Critical Patch Update Advisory - October 2020url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2020 Risk Matricesurl:https://www.oracle.com/security-alerts/cpuoct2020verbose.html
Trust: 0.8
title:Patch for Oracle Communications Diameter Signaling Router has an unspecified vulnerability (CNVD-2020-61044)url:https://www.cnvd.org.cn/patchInfo/show/239020
Trust: 0.6
title:Oracle Communications Diameter Signaling Router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130994
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-61044 // 
            
            
            
            JVNDB: JVNDB-2020-009892 // 
            
            
            
            CNNVD: CNNVD-202010-1050

EXTERNAL IDS
db:NVDid:CVE-2020-14788
Trust: 3.2
db:JVNDBid:JVNDB-2020-009892
Trust: 0.8
db:CNVDid:CNVD-2020-61044
Trust: 0.7
db:NSFOCUSid:50662
Trust: 0.6
db:CNNVDid:CNNVD-202010-1050
Trust: 0.6
db:VULHUBid:VHN-167701
Trust: 0.1
db:VULMONid:CVE-2020-14788
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-61044 // 
            
            
            
            VULHUB: VHN-167701 // 
            
            
            
            VULMON: CVE-2020-14788 // 
            
            
            
            JVNDB: JVNDB-2020-009892 // 
            
            
            
            CNNVD: CNNVD-202010-1050 // 
            
            
            
            NVD: CVE-2020-14788

REFERENCES
url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-14788
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14788
Trust: 0.8
url:https://vigilance.fr/vulnerability/oracle-communications-vulnerabilities-of-october-2020-33638
Trust: 0.6
url:http://www.nsfocus.net/vulndb/50662
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/190106
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-61044 // 
            
            
            
            VULHUB: VHN-167701 // 
            
            
            
            VULMON: CVE-2020-14788 // 
            
            
            
            JVNDB: JVNDB-2020-009892 // 
            
            
            
            CNNVD: CNNVD-202010-1050 // 
            
            
            
            NVD: CVE-2020-14788

SOURCES
db:CNVDid:CNVD-2020-61044
db:VULHUBid:VHN-167701
db:VULMONid:CVE-2020-14788
db:JVNDBid:JVNDB-2020-009892
db:CNNVDid:CNNVD-202010-1050
db:NVDid:CVE-2020-14788

LAST UPDATE DATE
2024-11-23T22:58:08.489000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-61044date:2020-11-08T00:00:00
db:VULHUBid:VHN-167701date:2020-10-26T00:00:00
db:VULMONid:CVE-2020-14788date:2020-10-26T00:00:00
db:JVNDBid:JVNDB-2020-009892date:2020-12-11T03:32:57
db:CNNVDid:CNNVD-202010-1050date:2020-11-18T00:00:00
db:NVDid:CVE-2020-14788date:2024-11-21T05:04:09.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-61044date:2020-11-08T00:00:00
db:VULHUBid:VHN-167701date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-14788date:2020-10-21T00:00:00
db:JVNDBid:JVNDB-2020-009892date:2020-12-11T03:32:57
db:CNNVDid:CNNVD-202010-1050date:2020-10-20T00:00:00
db:NVDid:CVE-2020-14788date:2020-10-21T15:15:18.983