ID

VAR-201910-0931


CVE

CVE-2019-15014


TITLE

Zingbox Inspector Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010562

DESCRIPTION

A command injection vulnerability exists in Zingbox Inspector versions 1.286 and earlier that allows an authenticated user to execute arbitrary system commands in the CLI. Zingbox Inspector contains an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability arises when user input is used to construct a command, data structure, or record: the network system or product fails to properly verify the user's input data, and special elements are not filtered or are filtered incorrectly, which causes the system or product to parse or interpret the input wrongly. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. when constructing an executable operating system command from external input data. Attackers can use this vulnerability to execute illegal operating system commands.

Trust: 2.7

sources: NVD: CVE-2019-15014 // JVNDB: JVNDB-2019-010562 // CNVD: CNVD-2019-36671 // CNNVD: CNNVD-201910-604

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36671

AFFECTED PRODUCTS

vendor: zingbox, model: inspector, scope: lte, version: 1.286

Trust: 1.8

vendor: palo, model: alto networks zingbox inspector, scope: lte, version: <=1.286

Trust: 0.6

sources: CNVD: CNVD-2019-36671 // JVNDB: JVNDB-2019-010562 // NVD: CVE-2019-15014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15014
value: HIGH

Trust: 1.0

NVD: CVE-2019-15014
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36671
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-604
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15014
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36671
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15014
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15014
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36671 // JVNDB: JVNDB-2019-010562 // CNNVD: CNNVD-201910-604 // NVD: CVE-2019-15014

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-010562 // NVD: CVE-2019-15014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-604

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010562

PATCH

title: Top Page, url: https://www.zingbox.com/

Trust: 0.8

title: Patch for Palo Alto Networks Zingbox Inspector command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/186339

Trust: 0.6

title: Zingbox Inspector Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99248

Trust: 0.6

sources: CNVD: CNVD-2019-36671 // JVNDB: JVNDB-2019-010562 // CNNVD: CNNVD-201910-604

EXTERNAL IDS

db: NVD, id: CVE-2019-15014

Trust: 3.0

db: JVNDB, id: JVNDB-2019-010562

Trust: 0.8

db: CNVD, id: CNVD-2019-36671

Trust: 0.6

db: CNNVD, id: CNNVD-201910-604

Trust: 0.6

sources: CNVD: CNVD-2019-36671 // JVNDB: JVNDB-2019-010562 // CNNVD: CNNVD-201910-604 // NVD: CVE-2019-15014

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-15014

Trust: 2.0

url: https://security.paloaltonetworks.com/cve-2019-15014

Trust: 1.6

url: https://securityadvisories.paloaltonetworks.com/home/detail/167

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15014

Trust: 0.8

sources: CNVD: CNVD-2019-36671 // JVNDB: JVNDB-2019-010562 // CNNVD: CNNVD-201910-604 // NVD: CVE-2019-15014

SOURCES

db: CNVD, id: CNVD-2019-36671
db: JVNDB, id: JVNDB-2019-010562
db: CNNVD, id: CNNVD-201910-604
db: NVD, id: CVE-2019-15014

LAST UPDATE DATE

2024-11-23T22:37:37.356000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36671, date: 2019-10-23T00:00:00
db: JVNDB, id: JVNDB-2019-010562, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-604, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-15014, date: 2024-11-21T04:27:52.547

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36671, date: 2019-10-22T00:00:00
db: JVNDB, id: JVNDB-2019-010562, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-604, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-15014, date: 2019-10-09T21:15:12.600