CVE-2020-5684
First published: Thu Dec 24 2020(Updated: )
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nec Ism Server | >=5.1<12.1 | |
| Nec M120 | ||
| Nec M12e | ||
| Nec M320 | ||
| Nec M320f |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5684?
The severity of CVE-2020-5684 is medium with a CVSS score of 4.8.
Which software versions are affected by CVE-2020-5684?
iSM client versions from V5.1 to V12.1 running on NEC Storage Manager or NEC Storage Manager Express are affected.
How can an attacker exploit CVE-2020-5684?
An attacker can exploit CVE-2020-5684 by performing a man-in-the-middle attack to eavesdrop on or alter the encrypted communication.
How can I fix CVE-2020-5684?
To fix CVE-2020-5684, update to a version of iSM client that is V12.1 or later, which properly verifies the server certificate.
Where can I find more information about CVE-2020-5684?
You can find more information about CVE-2020-5684 at the following references: [1](https://jpn.nec.com/security-info/secinfo/nv20-015.html), [2](https://jvn.jp/en/jp/JVN10100024/index.html).
- collector/nvd-index
- vendor/nec
- canonical/nec ism server
- version/nec ism server/5.1
- canonical/nec m120
- canonical/nec m12e
- canonical/nec m320
- canonical/nec m320f