CVE-2020-5684

Summary

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationManagement software for NEC Storage disk array systemiSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Expressaffected

Weaknesses

  • Improper server certificate verification

ADP Enrichment

CVE Program Container

Additional References

References