Details of VAR-201908-0080

ID

VAR-201908-0080

CVE

CVE-2019-5034

TITLE

Nest Cam IQ Indoor Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-008519

DESCRIPTION

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. Nest Cam IQ Indoor Contains an out-of-bounds vulnerability.Information may be obtained. An attacker could use this vulnerability to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 2.25

sources: NVD: CVE-2019-5034 // JVNDB: JVNDB-2019-008519 // CNVD: CNVD-2019-35887 // VULHUB: VHN-156469

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-35887

AFFECTED PRODUCTS

vendor:

google

model:

nest cam iq indoor

scope:

version:

4620002

Trust: 2.4

sources: CNVD: CNVD-2019-35887 // JVNDB: JVNDB-2019-008519 // NVD: CVE-2019-5034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5034
value:	MEDIUM
Trust: 1.0
talos-cna@cisco.com:	CVE-2019-5034
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5034
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-35887
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-1262
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-156469
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5034
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-35887
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-156469
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

talos-cna@cisco.com:	CVE-2019-5034
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-5034
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-35887 // VULHUB: VHN-156469 // JVNDB: JVNDB-2019-008519 // CNNVD: CNNVD-201908-1262 // NVD: CVE-2019-5034 // NVD: CVE-2019-5034

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-156469 // JVNDB: JVNDB-2019-008519 // NVD: CVE-2019-5034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1262

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1262

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008519

PATCH

title:

Nest Cam IQ Indoor

url:

https://support.google.com/googlenest/answer/9231650?hl=ja

Trust: 0.8

sources: JVNDB: JVNDB-2019-008519

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5034	Trust: 3.1
db:	TALOS	id:	TALOS-2019-0797	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-008519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1262	Trust: 0.7
db:	CNVD	id:	CNVD-2019-35887	Trust: 0.6
db:	VULHUB	id:	VHN-156469	Trust: 0.1

sources: CNVD: CNVD-2019-35887 // VULHUB: VHN-156469 // JVNDB: JVNDB-2019-008519 // CNNVD: CNNVD-201908-1262 // NVD: CVE-2019-5034

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0797	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5034	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2019-0797	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5034	Trust: 0.8

sources: CNVD: CNVD-2019-35887 // VULHUB: VHN-156469 // JVNDB: JVNDB-2019-008519 // CNNVD: CNNVD-201908-1262 // NVD: CVE-2019-5034

CREDITS

Discovered by Lilith Wyatt and Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201908-1262

SOURCES

db:	CNVD	id:	CNVD-2019-35887
db:	VULHUB	id:	VHN-156469
db:	JVNDB	id:	JVNDB-2019-008519
db:	CNNVD	id:	CNNVD-201908-1262
db:	NVD	id:	CVE-2019-5034

LAST UPDATE DATE

2024-11-23T22:25:49.537000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-35887	date:	2019-10-18T00:00:00
db:	VULHUB	id:	VHN-156469	date:	2019-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-008519	date:	2019-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201908-1262	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2019-5034	date:	2024-11-21T04:44:13.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-35887	date:	2019-10-15T00:00:00
db:	VULHUB	id:	VHN-156469	date:	2019-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-008519	date:	2019-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201908-1262	date:	2019-08-19T00:00:00
db:	NVD	id:	CVE-2019-5034	date:	2019-08-20T22:15:11.567