ID

VAR-201906-0485


CVE

CVE-2019-12591


TITLE

NETGEAR Insight Cloud Command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-004972

DESCRIPTION

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. NETGEAR Insight is a cloud-based management platform from NETGEAR. The platform supports setup and configuration of NETGEAR Insight managed access points, switches and ReadyNAS devices, among others. The vulnerability arises because the product does not correctly filter special elements when constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.

Trust: 1.71

sources: NVD: CVE-2019-12591 // JVNDB: JVNDB-2019-004972 // VULHUB: VHN-144353

AFFECTED PRODUCTS

vendor: netgear, model: insight, scope: lt, version: 5.6

Trust: 1.0

vendor: net gear, model: insight, scope: lt, version: 5.6

Trust: 0.8

sources: JVNDB: JVNDB-2019-004972 // NVD: CVE-2019-12591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12591
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-12591
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12591
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-014
value: HIGH

Trust: 0.6

VULHUB: VHN-144353
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12591
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144353
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12591
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.0

Trust: 1.8

cve@mitre.org: CVE-2019-12591
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.0
impactScore: 5.3
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-144353 // JVNDB: JVNDB-2019-004972 // CNNVD: CNNVD-201906-014 // NVD: CVE-2019-12591 // NVD: CVE-2019-12591

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-144353 // JVNDB: JVNDB-2019-004972 // NVD: CVE-2019-12591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-014

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004972

PATCH

title: Security Advisory for Post-Authentication Command Injection on Insight Cloud, PSV-2018-0366
url: https://kb.netgear.com/000060977/Security-Advisory-for-Post-Authentication-Command-Injection-on-Insight-Cloud-PSV-2018-0366

Trust: 0.8

title: NETGEAR Insight Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93117

Trust: 0.6

sources: JVNDB: JVNDB-2019-004972 // CNNVD: CNNVD-201906-014

EXTERNAL IDS

db: NVD, id: CVE-2019-12591

Trust: 2.5

db: JVNDB, id: JVNDB-2019-004972

Trust: 0.8

db: CNNVD, id: CNNVD-201906-014

Trust: 0.7

db: VULHUB, id: VHN-144353

Trust: 0.1

sources: VULHUB: VHN-144353 // JVNDB: JVNDB-2019-004972 // CNNVD: CNNVD-201906-014 // NVD: CVE-2019-12591

REFERENCES

url: https://kb.netgear.com/000060977/security-advisory-for-post-authentication-command-injection-on-insight-cloud-psv-2018-0366

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-12591

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12591

Trust: 0.8

sources: VULHUB: VHN-144353 // JVNDB: JVNDB-2019-004972 // CNNVD: CNNVD-201906-014 // NVD: CVE-2019-12591

SOURCES

db: VULHUB, id: VHN-144353
db: JVNDB, id: JVNDB-2019-004972
db: CNNVD, id: CNNVD-201906-014
db: NVD, id: CVE-2019-12591

LAST UPDATE DATE

2024-11-23T22:06:10.587000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144353, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-004972, date: 2019-06-13T00:00:00
db: CNNVD, id: CNNVD-201906-014, date: 2019-06-04T00:00:00
db: NVD, id: CVE-2019-12591, date: 2024-11-21T04:23:09.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144353, date: 2019-06-03T00:00:00
db: JVNDB, id: JVNDB-2019-004972, date: 2019-06-13T00:00:00
db: CNNVD, id: CNNVD-201906-014, date: 2019-06-03T00:00:00
db: NVD, id: CVE-2019-12591, date: 2019-06-03T13:29:01.020