Sign-up

ID

VAR-201907-0168


CVE

CVE-2019-7267


TITLE

Linear eMerge 50P/5000P Path traversal vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-006145

DESCRIPTION

Linear eMerge 50P/5000P The device contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control. Linear eMerge 50P / 5000P has a directory traversal vulnerability. An attacker could use this vulnerability to traverse the file system to access files or directories outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths

Trust: 1.35

sources: JVNDB: JVNDB-2019-006145 // CNVD: CNVD-2019-34616 // VULHUB: VHN-158702

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34616

AFFECTED PRODUCTS

vendor:nortekcontrolmodel:linear emerge 50pscope:lteversion:4.6.07

Trust: 1.0

vendor:nortekcontrolmodel:linear emerge 5000pscope:lteversion:4.6.07

Trust: 1.0

vendor:nortekmodel:linear emerge 5000pscope: - version: -

Trust: 0.8

vendor:nortekmodel:linear emerge 50pscope: - version: -

Trust: 0.8

vendor:nortekmodel:security & control linear emerge 50p 5000p version)scope:eqversion:/<=4.6.07(79330

Trust: 0.6

sources: CNVD: CNVD-2019-34616 // JVNDB: JVNDB-2019-006145 // NVD: CVE-2019-7267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7267
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7267
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-34616
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-096
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158702
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7267
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-34616
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158702
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7267
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7267
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-34616 // VULHUB: VHN-158702 // JVNDB: JVNDB-2019-006145 // CNNVD: CNNVD-201907-096 // NVD: CVE-2019-7267

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-158702 // JVNDB: JVNDB-2019-006145 // NVD: CVE-2019-7267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-096

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201907-096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006145

PATCH
title:EMERGE 50P/5000P BROWSER MANAGED ACCESS SYSTEMS 4.Xurl:https://www.nortekcontrol.com/products/access-control-systems/emerge-browser-managed-access-systems-2/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006145

EXTERNAL IDS
db:NVDid:CVE-2019-7267
Trust: 3.1
db:ICS CERTid:ICSA-20-184-01
Trust: 1.7
db:PACKETSTORMid:155250
Trust: 1.7
db:JVNDBid:JVNDB-2019-006145
Trust: 0.8
db:CNNVDid:CNNVD-201907-096
Trust: 0.7
db:CNVDid:CNVD-2019-34616
Trust: 0.6
db:AUSCERTid:ESB-2020.2294
Trust: 0.6
db:NSFOCUSid:47258
Trust: 0.6
db:VULHUBid:VHN-158702
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-34616 // 
            
            
            
            VULHUB: VHN-158702 // 
            
            
            
            JVNDB: JVNDB-2019-006145 // 
            
            
            
            CNNVD: CNNVD-201907-096 // 
            
            
            
            NVD: CVE-2019-7267

REFERENCES
url:https://www.applied-risk.com/resources/ar-2019-006
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-7267
Trust: 2.0
url:http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html
Trust: 1.7
url:https://applied-risk.com/labs/advisories
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7267
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47258
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2294/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-34616 // 
            
            
            
            VULHUB: VHN-158702 // 
            
            
            
            JVNDB: JVNDB-2019-006145 // 
            
            
            
            CNNVD: CNNVD-201907-096 // 
            
            
            
            NVD: CVE-2019-7267

CREDITS
Sipke Mellema
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-096

SOURCES
db:CNVDid:CNVD-2019-34616
db:VULHUBid:VHN-158702
db:JVNDBid:JVNDB-2019-006145
db:CNNVDid:CNNVD-201907-096
db:NVDid:CVE-2019-7267

LAST UPDATE DATE
2024-11-23T22:11:58.552000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-34616date:2019-10-11T00:00:00
db:VULHUBid:VHN-158702date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2019-006145date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-096date:2020-07-28T00:00:00
db:NVDid:CVE-2019-7267date:2024-11-21T04:47:52.973

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-34616date:2019-10-10T00:00:00
db:VULHUBid:VHN-158702date:2019-07-02T00:00:00
db:JVNDBid:JVNDB-2019-006145date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-096date:2019-07-02T00:00:00
db:NVDid:CVE-2019-7267date:2019-07-02T17:15:12.197