ID

VAR-201910-0278


CVE

CVE-2019-5043


TITLE

Google Nest Cam IQ Indoor Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-28703 // CNNVD: CNNVD-201908-1275

DESCRIPTION

An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. Google Nest Cam IQ Indoor is an indoor camera from Google. The Weave daemon in Google Nest Cam IQ Indoor 4620002 has a resource management error vulnerability that stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. An attacker can exploit it to cause a denial of service.

Trust: 2.25

sources: NVD: CVE-2019-5043 // JVNDB: JVNDB-2019-011527 // CNVD: CNVD-2019-28703 // VULMON: CVE-2019-5043

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-28703

AFFECTED PRODUCTS

vendor: google, model: nest cam iq indoor, scope: eq, version: 4620002

Trust: 2.4

sources: CNVD: CNVD-2019-28703 // JVNDB: JVNDB-2019-011527 // NVD: CVE-2019-5043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5043
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5043
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5043
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-28703
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-1275
value: HIGH

Trust: 0.6

VULMON: CVE-2019-5043
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5043
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-28703
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5043
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5043
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-5043
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-28703 // VULMON: CVE-2019-5043 // JVNDB: JVNDB-2019-011527 // CNNVD: CNNVD-201908-1275 // NVD: CVE-2019-5043 // NVD: CVE-2019-5043

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

problemtype:CWE-770

Trust: 1.0

sources: JVNDB: JVNDB-2019-011527 // NVD: CVE-2019-5043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1275

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1275

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011527

PATCH

title: Nest Cam IQ Indoor, url: https://support.google.com/googlenest/answer/9231650?hl=ja

Trust: 0.8

title: Threatpost, url: https://threatpost.com/google-nest-security-cam-takeover/147477/

Trust: 0.1

sources: VULMON: CVE-2019-5043 // JVNDB: JVNDB-2019-011527

EXTERNAL IDS

db: TALOS, id: TALOS-2019-0810

Trust: 3.1

db: NVD, id: CVE-2019-5043

Trust: 3.1

db: JVNDB, id: JVNDB-2019-011527

Trust: 0.8

db: CNVD, id: CNVD-2019-28703

Trust: 0.6

db: CNNVD, id: CNNVD-201908-1275

Trust: 0.6

db: VULMON, id: CVE-2019-5043

Trust: 0.1

sources: CNVD: CNVD-2019-28703 // VULMON: CVE-2019-5043 // JVNDB: JVNDB-2019-011527 // CNNVD: CNNVD-201908-1275 // NVD: CVE-2019-5043

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0810

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-5043

Trust: 1.4

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0810

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5043

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/google-nest-security-cam-takeover/147477/

Trust: 0.1

sources: CNVD: CNVD-2019-28703 // VULMON: CVE-2019-5043 // JVNDB: JVNDB-2019-011527 // CNNVD: CNNVD-201908-1275 // NVD: CVE-2019-5043

CREDITS

Discovered by Lilith Wyatt and Claudio Bozzato of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201908-1275

SOURCES

db: CNVD, id: CNVD-2019-28703
db: VULMON, id: CVE-2019-5043
db: JVNDB, id: JVNDB-2019-011527
db: CNNVD, id: CNNVD-201908-1275
db: NVD, id: CVE-2019-5043

LAST UPDATE DATE

2024-11-23T22:33:44.853000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-28703, date: 2019-08-26T00:00:00
db: VULMON, id: CVE-2019-5043, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-011527, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201908-1275, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-5043, date: 2024-11-21T04:44:14.353

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-28703, date: 2019-08-26T00:00:00
db: VULMON, id: CVE-2019-5043, date: 2019-10-31T00:00:00
db: JVNDB, id: JVNDB-2019-011527, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201908-1275, date: 2019-08-19T00:00:00
db: NVD, id: CVE-2019-5043, date: 2019-10-31T21:15:13.527