ID
VAR-201908-0111
CVE
CVE-2019-5401
TITLE
HP2910al-48G Vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. HP2910al-48G Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. HP 2910al-48G is an Ethernet switch from Hewlett Packard Enterprise (HPE). An arbitrary command execution vulnerability exists in the HP 2910al-48G W.15.14.0016 version. Attackers can use this vulnerability to execute arbitrary commands
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | hp | model: | hp2910al-48g | scope: | eq | version: | w.15.14.00.16 | Trust: 1.0 |
| vendor: | hewlett packard | model: | hp2910al-48g | scope: | eq | version: | w.15.14.0016 | Trust: 0.8 |
| vendor: | hp | model: | 2910al-48g w.15.14.0016 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | hpesbhf03944en_us | url: | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03944en_us | Trust: 0.8 |
| title: | Patch for HP 2910al-48G arbitrary command execution vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/193663 | Trust: 0.6 |
| title: | HP 2910al-48G Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95924 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-5401 | Trust: 3.1 |
| db: | AUSCERT | id: | ESB-2019.3035 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2019-007410 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201908-164 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-44746 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-156836 | Trust: 0.1 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-5401 | Trust: 2.0 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.3035/ | Trust: 1.2 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03944en_us | Trust: 1.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5401 | Trust: 0.8 |
| url: | https://support.hpe.com/hpsc/doc/public/display?docid=hpesbhf03944en_us | Trust: 0.6 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03944en_us | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2019-44746 |
| db: | VULHUB | id: | VHN-156836 |
| db: | JVNDB | id: | JVNDB-2019-007410 |
| db: | CNNVD | id: | CNNVD-201908-164 |
| db: | NVD | id: | CVE-2019-5401 |
LAST UPDATE DATE
2024-11-23T22:11:56.483000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-44746 | date: | 2019-12-11T00:00:00 |
| db: | VULHUB | id: | VHN-156836 | date: | 2019-08-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007410 | date: | 2019-08-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201908-164 | date: | 2019-09-04T00:00:00 |
| db: | NVD | id: | CVE-2019-5401 | date: | 2024-11-21T04:44:52.380 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-44746 | date: | 2019-12-11T00:00:00 |
| db: | VULHUB | id: | VHN-156836 | date: | 2019-08-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007410 | date: | 2019-08-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201908-164 | date: | 2019-08-01T00:00:00 |
| db: | NVD | id: | CVE-2019-5401 | date: | 2019-08-01T22:15:12.037 |