Details of VAR-201907-0170

ID

VAR-201907-0170

CVE

CVE-2019-7269

TITLE

Linear eMerge 50P/5000P In the device OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006015

DESCRIPTION

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Linear eMerge 50P/5000P The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

Trust: 1.71

sources: NVD: CVE-2019-7269 // JVNDB: JVNDB-2019-006015 // VULHUB: VHN-158704

AFFECTED PRODUCTS

vendor:	nortekcontrol	model:	linear emerge 50p	scope:	lte	version:	4.6.07	Trust: 1.0
vendor:	nortekcontrol	model:	linear emerge 5000p	scope:	lte	version:	4.6.07	Trust: 1.0
vendor:	nortek	model:	linear emerge 5000p	scope:	-	version:	-	Trust: 0.8
vendor:	nortek	model:	linear emerge 50p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006015 // NVD: CVE-2019-7269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7269
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-7269
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201907-094
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158704
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-7269
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158704
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7269
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-7269
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158704 // JVNDB: JVNDB-2019-006015 // CNNVD: CNNVD-201907-094 // NVD: CVE-2019-7269

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-158704 // JVNDB: JVNDB-2019-006015 // NVD: CVE-2019-7269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-094

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006015

PATCH

title:

Top Page

url:

https://www.nortekcontrol.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-006015

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7269	Trust: 2.5
db:	ICS CERT	id:	ICSA-20-184-01	Trust: 1.7
db:	PACKETSTORM	id:	155250	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-006015	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-094	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2294	Trust: 0.6
db:	NSFOCUS	id:	47608	Trust: 0.6
db:	EXPLOIT-DB	id:	47624	Trust: 0.6
db:	VULHUB	id:	VHN-158704	Trust: 0.1

sources: VULHUB: VHN-158704 // JVNDB: JVNDB-2019-006015 // CNNVD: CNNVD-201907-094 // NVD: CVE-2019-7269

REFERENCES

url:	https://www.applied-risk.com/resources/ar-2019-006	Trust: 2.5
url:	http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html	Trust: 1.7
url:	https://applied-risk.com/labs/advisories	Trust: 1.7
url:	https://www.us-cert.gov/ics/advisories/icsa-20-184-01	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7269	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7269	Trust: 0.8
url:	https://www.exploit-db.com/exploits/47624	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2294/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47608	Trust: 0.6

sources: VULHUB: VHN-158704 // JVNDB: JVNDB-2019-006015 // CNNVD: CNNVD-201907-094 // NVD: CVE-2019-7269

CREDITS

LiquidWorm,Sipke Mellema

Trust: 0.6

sources: CNNVD: CNNVD-201907-094

SOURCES

db:	VULHUB	id:	VHN-158704
db:	JVNDB	id:	JVNDB-2019-006015
db:	CNNVD	id:	CNNVD-201907-094
db:	NVD	id:	CVE-2019-7269

LAST UPDATE DATE

2024-11-23T22:11:58.432000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158704	date:	2020-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006015	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201907-094	date:	2020-08-12T00:00:00
db:	NVD	id:	CVE-2019-7269	date:	2024-11-21T04:47:53.270

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158704	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006015	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201907-094	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-7269	date:	2019-07-02T17:15:12.320