Details of VAR-201905-0055

ID

VAR-201905-0055

CVE

CVE-2019-9105

TITLE

SAET Impianti Speciali TEBE Small Device and WebApp Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-004976

DESCRIPTION

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. SAET Impianti Speciali TEBE Small Device and WebApp Contains an information disclosure vulnerability.Information may be obtained. WebApp is one of the web-based management programs. Attackers can exploit this vulnerability to make various API calls without authentication

Trust: 1.71

sources: NVD: CVE-2019-9105 // JVNDB: JVNDB-2019-004976 // VULHUB: VHN-160540

AFFECTED PRODUCTS

vendor:	saet	model:	webapp	scope:	eq	version:	04.68	Trust: 1.8
vendor:	saet	model:	tebe small	scope:	eq	version:	05.01	Trust: 1.0
vendor:	saet	model:	tebe small	scope:	eq	version:	05.01 build 1137	Trust: 0.8

sources: JVNDB: JVNDB-2019-004976 // NVD: CVE-2019-9105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9105
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-1229
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160540
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-160540
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-160540 // JVNDB: JVNDB-2019-004976 // CNNVD: CNNVD-201905-1229 // NVD: CVE-2019-9105

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-160540 // JVNDB: JVNDB-2019-004976 // NVD: CVE-2019-9105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1229

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-1229

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004976

PATCH

title:

TEBE CRESCE E SI FA PICCOLA

url:

https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-004976

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9105	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-004976	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-1229	Trust: 0.7
db:	VULHUB	id:	VHN-160540	Trust: 0.1

sources: VULHUB: VHN-160540 // JVNDB: JVNDB-2019-004976 // CNNVD: CNNVD-201905-1229 // NVD: CVE-2019-9105

REFERENCES

url:	https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/	Trust: 2.5
url:	https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9105	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9105	Trust: 0.8

sources: VULHUB: VHN-160540 // JVNDB: JVNDB-2019-004976 // CNNVD: CNNVD-201905-1229 // NVD: CVE-2019-9105

SOURCES

db:	VULHUB	id:	VHN-160540
db:	JVNDB	id:	JVNDB-2019-004976
db:	CNNVD	id:	CNNVD-201905-1229
db:	NVD	id:	CVE-2019-9105

LAST UPDATE DATE

2024-11-23T21:37:24.934000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160540	date:	2019-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-004976	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1229	date:	2019-06-04T00:00:00
db:	NVD	id:	CVE-2019-9105	date:	2024-11-21T04:50:59.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160540	date:	2019-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2019-004976	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1229	date:	2019-05-31T00:00:00
db:	NVD	id:	CVE-2019-9105	date:	2019-05-31T22:29:01.347