Details of VAR-201907-0422

ID

VAR-201907-0422

CVE

CVE-2019-13379

TITLE

AVTECH Room Alert 3E Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-006264

DESCRIPTION

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. AVTECH Room Alert 3E The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVTECH Software Room Alert 3E is a device used by AVTECH Software to monitor the IT infrastructure. This product is mainly used to monitor the temperature, humidity, power, electricity and smoke of computer rooms or small data centers. There are security vulnerabilities in AVTECH Software Room Alert 3E prior to 2.2.5. An attacker could exploit this vulnerability to increase privileges

Trust: 2.25

sources: NVD: CVE-2019-13379 // JVNDB: JVNDB-2019-006264 // CNVD: CNVD-2019-26823 // VULMON: CVE-2019-13379

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-26823

AFFECTED PRODUCTS

vendor:	avtech	model:	room alert 3e	scope:	lt	version:	2.2.5	Trust: 1.8
vendor:	avtech	model:	software room alert 3e	scope:	lt	version:	2.2.5	Trust: 0.6

sources: CNVD: CNVD-2019-26823 // JVNDB: JVNDB-2019-006264 // NVD: CVE-2019-13379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13379
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13379
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-26823
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-343
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-13379
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13379
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-26823
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-13379
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-26823 // VULMON: CVE-2019-13379 // JVNDB: JVNDB-2019-006264 // CNNVD: CNNVD-201907-343 // NVD: CVE-2019-13379

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2019-006264 // NVD: CVE-2019-13379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-343

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-343

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006264

PATCH

title:	Room Alert 3E Monitor	url:	https://avtech.com/Products/Environment_Monitors/Room_Alert_3E.htm	Trust: 0.8
title:	Patch for AVTECH Software Room Alert 3E Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/174439	Trust: 0.6
title:	AVTECH Software Room Alert 3E Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94490	Trust: 0.6

sources: CNVD: CNVD-2019-26823 // JVNDB: JVNDB-2019-006264 // CNNVD: CNNVD-201907-343

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13379	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-006264	Trust: 0.8
db:	CNVD	id:	CNVD-2019-26823	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-343	Trust: 0.6
db:	VULMON	id:	CVE-2019-13379	Trust: 0.1

sources: CNVD: CNVD-2019-26823 // VULMON: CVE-2019-13379 // JVNDB: JVNDB-2019-006264 // CNNVD: CNNVD-201907-343 // NVD: CVE-2019-13379

REFERENCES

url:	https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13379	Trust: 2.0
url:	https://www.youtube.com/watch?v=x1py7kmfkvg	Trust: 1.7
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0010	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13379	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-26823 // VULMON: CVE-2019-13379 // JVNDB: JVNDB-2019-006264 // CNNVD: CNNVD-201907-343 // NVD: CVE-2019-13379

SOURCES

db:	CNVD	id:	CNVD-2019-26823
db:	VULMON	id:	CVE-2019-13379
db:	JVNDB	id:	JVNDB-2019-006264
db:	CNNVD	id:	CNNVD-201907-343
db:	NVD	id:	CVE-2019-13379

LAST UPDATE DATE

2024-11-23T22:11:58.044000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-26823	date:	2019-08-15T00:00:00
db:	VULMON	id:	CVE-2019-13379	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006264	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-343	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13379	date:	2024-11-21T04:24:49.390

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-26823	date:	2019-08-12T00:00:00
db:	VULMON	id:	CVE-2019-13379	date:	2019-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-006264	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-343	date:	2019-07-07T00:00:00
db:	NVD	id:	CVE-2019-13379	date:	2019-07-07T16:15:10.227