ID

VAR-201906-0184


CVE

CVE-2019-3413


TITLE

ZTE NetNumen DAP Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-005460

DESCRIPTION

All versions of the ZTE NetNumen DAP product up to V20.18.40.R7.B1 have an XSS vulnerability. Client data is not correctly validated in the web application, which results in users being hijacked. ZTE NetNumen DAP contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-3413 // JVNDB: JVNDB-2019-005460 // VULHUB: VHN-154848

AFFECTED PRODUCTS

vendor: zte, model: netnumen dap, scope: lte, version: 20.18.40.r7.b1

Trust: 1.8

sources: JVNDB: JVNDB-2019-005460 // NVD: CVE-2019-3413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3413
value: MEDIUM

Trust: 1.0

psirt@zte.com.cn: CVE-2019-3413
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3413
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-370
value: MEDIUM

Trust: 0.6

VULHUB: VHN-154848
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3413
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-154848
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3413
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-154848 // JVNDB: JVNDB-2019-005460 // CNNVD: CNNVD-201906-370 // NVD: CVE-2019-3413 // NVD: CVE-2019-3413

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-154848 // JVNDB: JVNDB-2019-005460 // NVD: CVE-2019-3413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-370

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201906-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005460

PATCH

title: XSS Vulnerability in ZTE NetNumen DAP Product, url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010797

Trust: 0.8

title: ZTE NetNumen DAP Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93612

Trust: 0.6

sources: JVNDB: JVNDB-2019-005460 // CNNVD: CNNVD-201906-370

EXTERNAL IDS

db: NVD, id: CVE-2019-3413

Trust: 2.5

db: ZTE, id: 1010797

Trust: 1.7

db: JVNDB, id: JVNDB-2019-005460

Trust: 0.8

db: CNNVD, id: CNNVD-201906-370

Trust: 0.7

db: VULHUB, id: VHN-154848

Trust: 0.1

sources: VULHUB: VHN-154848 // JVNDB: JVNDB-2019-005460 // CNNVD: CNNVD-201906-370 // NVD: CVE-2019-3413

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1010797

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3413

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3413

Trust: 0.8

sources: VULHUB: VHN-154848 // JVNDB: JVNDB-2019-005460 // CNNVD: CNNVD-201906-370 // NVD: CVE-2019-3413

SOURCES

db: VULHUB, id: VHN-154848
db: JVNDB, id: JVNDB-2019-005460
db: CNNVD, id: CNNVD-201906-370
db: NVD, id: CVE-2019-3413

LAST UPDATE DATE

2024-11-23T23:01:49.337000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-154848, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-005460, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-370, date: 2019-07-05T00:00:00
db: NVD, id: CVE-2019-3413, date: 2024-11-21T04:42:03.110

SOURCES RELEASE DATE

db: VULHUB, id: VHN-154848, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2019-005460, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-370, date: 2019-06-11T00:00:00
db: NVD, id: CVE-2019-3413, date: 2019-06-11T20:29:01.827