ID

VAR-201905-1299


CVE

CVE-2019-12167


TITLE

Emerson Network Power Liebert Challenger Device cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004772

DESCRIPTION

httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Liebert Challenger 5.1E0.5 is vulnerable; other versions may also be affected. The vulnerability stems from the web application's failure to correctly validate client-supplied data. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.98

sources: NVD: CVE-2019-12167 // JVNDB: JVNDB-2019-004772 // BID: 108420 // VULHUB: VHN-143886

AFFECTED PRODUCTS

vendor: emerson, model: liebert challenger, scope: eq, version: 5.1e0.5

Trust: 1.8

vendor: emersonnetworkpower, model: liebert challenger 5.1e0.5, scope: -, version: -

Trust: 0.3

sources: BID: 108420 // JVNDB: JVNDB-2019-004772 // NVD: CVE-2019-12167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12167
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12167
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-801
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12167
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143886
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12167
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143886 // JVNDB: JVNDB-2019-004772 // CNNVD: CNNVD-201905-801 // NVD: CVE-2019-12167

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-143886 // JVNDB: JVNDB-2019-004772 // NVD: CVE-2019-12167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-801

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-801

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004772

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-143886

PATCH

title: Support, url: https://www.emerson.com/en-us/support

Trust: 0.8

sources: JVNDB: JVNDB-2019-004772

EXTERNAL IDS

db: NVD, id: CVE-2019-12167

Trust: 2.8

db: BID, id: 108420

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004772

Trust: 0.8

db: CNNVD, id: CNNVD-201905-801

Trust: 0.7

db: PACKETSTORM, id: 152969

Trust: 0.7

db: VULHUB, id: VHN-143886

Trust: 0.1

sources: VULHUB: VHN-143886 // BID: 108420 // JVNDB: JVNDB-2019-004772 // CNNVD: CNNVD-201905-801 // NVD: CVE-2019-12167

REFERENCES

url:https://seclists.org/bugtraq/2019/may/51

Trust: 2.5

url:http://www.securityfocus.com/bid/108420

Trust: 2.3

url:https://www.emerson.com/en-us/support

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12167

Trust: 1.4

url:https://www.emerson.com/

Trust: 0.9

url:https://seclists.org/fulldisclosure/2019/may/35

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12167

Trust: 0.8

url:https://packetstormsecurity.com/files/152969/emerson-network-power-liebert-challenger-5.1e0.5-cross-site-scripting.html

Trust: 0.6

sources: VULHUB: VHN-143886 // BID: 108420 // JVNDB: JVNDB-2019-004772 // CNNVD: CNNVD-201905-801 // NVD: CVE-2019-12167

CREDITS

Kubilay Onur Gungor

Trust: 0.6

sources: CNNVD: CNNVD-201905-801

SOURCES

db: VULHUB, id: VHN-143886
db: BID, id: 108420
db: JVNDB, id: JVNDB-2019-004772
db: CNNVD, id: CNNVD-201905-801
db: NVD, id: CVE-2019-12167

LAST UPDATE DATE

2024-11-23T23:08:24.284000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-143886, date: 2019-05-27T00:00:00
db: BID, id: 108420, date: 2019-05-18T00:00:00
db: JVNDB, id: JVNDB-2019-004772, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-801, date: 2019-05-28T00:00:00
db: NVD, id: CVE-2019-12167, date: 2024-11-21T04:22:21.103

SOURCES RELEASE DATE

db: VULHUB, id: VHN-143886, date: 2019-05-22T00:00:00
db: BID, id: 108420, date: 2019-05-18T00:00:00
db: JVNDB, id: JVNDB-2019-004772, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-801, date: 2019-05-18T00:00:00
db: NVD, id: CVE-2019-12167, date: 2019-05-22T18:29:00.677