Sign-up

ID

VAR-201909-0611


CVE

CVE-2019-16102


TITLE

Silver Peak EdgeConnect SD-WAN Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009040

DESCRIPTION

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. Silver Peak EdgeConnect SD-WAN Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The platform mainly provides functions such as path conditioning, application classification, routing and virtual WAN overlay. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-16102 // JVNDB: JVNDB-2019-009040 // VULHUB: VHN-148215

AFFECTED PRODUCTS

vendor:silver peakmodel:unity edgeconnect sd-wanscope:eqversion:8.1.4.9_65644

Trust: 1.0

vendor:silver peakmodel:unity edgeconnect sd-wanscope:ltversion:8.1.7.x

Trust: 0.8

sources: JVNDB: JVNDB-2019-009040 // NVD: CVE-2019-16102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16102
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16102
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-289
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148215
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-16102
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148215
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16102
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-148215 // JVNDB: JVNDB-2019-009040 // CNNVD: CNNVD-201909-289 // NVD: CVE-2019-16102

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-148215 // JVNDB: JVNDB-2019-009040 // NVD: CVE-2019-16102

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-289

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-289

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009040

PATCH
title:Unity EdgeConnecturl:https://www.silver-peak.com/products/unity-edge-connect
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009040

EXTERNAL IDS
db:NVDid:CVE-2019-16102
Trust: 2.5
db:JVNDBid:JVNDB-2019-009040
Trust: 0.8
db:CNNVDid:CNNVD-201909-289
Trust: 0.7
db:VULHUBid:VHN-148215
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148215 // 
            
            
            
            JVNDB: JVNDB-2019-009040 // 
            
            
            
            CNNVD: CNNVD-201909-289 // 
            
            
            
            NVD: CVE-2019-16102

REFERENCES
url:https://github.com/sdnewhop/sdwannewhope/blob/master/reports/silverpeak%20edgeconnect%20multiple%20vulnerabilities%20-%20032018.pdf
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16102
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-16102
Trust: 0.8
sources:
            
            
            VULHUB: VHN-148215 // 
            
            
            
            JVNDB: JVNDB-2019-009040 // 
            
            
            
            CNNVD: CNNVD-201909-289 // 
            
            
            
            NVD: CVE-2019-16102

SOURCES
db:VULHUBid:VHN-148215
db:JVNDBid:JVNDB-2019-009040
db:CNNVDid:CNNVD-201909-289
db:NVDid:CVE-2019-16102

LAST UPDATE DATE
2024-11-23T22:48:14.944000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148215date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-009040date:2019-09-11T00:00:00
db:CNNVDid:CNNVD-201909-289date:2020-09-02T00:00:00
db:NVDid:CVE-2019-16102date:2024-11-21T04:30:02.687

SOURCES RELEASE DATE
db:VULHUBid:VHN-148215date:2019-09-08T00:00:00
db:JVNDBid:JVNDB-2019-009040date:2019-09-11T00:00:00
db:CNNVDid:CNNVD-201909-289date:2019-09-08T00:00:00
db:NVDid:CVE-2019-16102date:2019-09-08T17:15:10.973