Details of VAR-201910-0932

ID

VAR-201910-0932

CVE

CVE-2019-15015

TITLE

Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-36672 // CNNVD: CNNVD-201910-605

DESCRIPTION

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. An attacker could use this vulnerability to gain unauthorized access to the system

Trust: 2.79

sources: NVD: CVE-2019-15015 // JVNDB: JVNDB-2019-010731 // CNVD: CNVD-2019-36672 // CNNVD: CNNVD-201910-605 // VULMON: CVE-2019-15015

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-36672

AFFECTED PRODUCTS

vendor:	zingbox	model:	inspector	scope:	lte	version:	1.294	Trust: 1.8
vendor:	palo	model:	alto networks zingbox inspector	scope:	lte	version:	<=1.294	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.288	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.286	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.293	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	-	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.281	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.280	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.294	Trust: 0.6
vendor:	zingbox	model:	inspector	scope:	eq	version:	1.287	Trust: 0.6

sources: CNVD: CNVD-2019-36672 // JVNDB: JVNDB-2019-010731 // CNNVD: CNNVD-201910-605 // NVD: CVE-2019-15015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15015
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15015
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-36672
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201910-605
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-15015
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15015
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-36672
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15015
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15015
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-36672 // VULMON: CVE-2019-15015 // JVNDB: JVNDB-2019-010731 // CNNVD: CNNVD-201910-605 // NVD: CVE-2019-15015

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-010731 // NVD: CVE-2019-15015

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-605

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-605

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010731

PATCH

title:	Top Page	url:	https://www.zingbox.com/	Trust: 0.8
title:	Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36672)	url:	https://www.cnvd.org.cn/patchInfo/show/186337	Trust: 0.6
title:	Zingbox Inspector Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99249	Trust: 0.6
title:	Palo Alto Networks Security Advisory: CVE-2019-15015 Hardcoded Credentials in Zingbox Inspector	url:	https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=acef70ae92107ca46635a089cd1f522e	Trust: 0.1
title:	Palo Alto Networks Security Advisory:	url:	https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=041b827a06ce544ecda241e4fafcaca8	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-15015	Trust: 0.1

sources: CNVD: CNVD-2019-36672 // VULMON: CVE-2019-15015 // JVNDB: JVNDB-2019-010731 // CNNVD: CNNVD-201910-605

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15015	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-010731	Trust: 0.8
db:	CNVD	id:	CNVD-2019-36672	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-605	Trust: 0.6
db:	VULMON	id:	CVE-2019-15015	Trust: 0.1

sources: CNVD: CNVD-2019-36672 // VULMON: CVE-2019-15015 // JVNDB: JVNDB-2019-010731 // CNNVD: CNNVD-201910-605 // NVD: CVE-2019-15015

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-15015	Trust: 2.0
url:	https://security.paloaltonetworks.com/cve-2019-15015	Trust: 1.7
url:	https://securityadvisories.paloaltonetworks.com/home/detail/170	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15015	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-15015	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110285	Trust: 0.1

sources: CNVD: CNVD-2019-36672 // VULMON: CVE-2019-15015 // JVNDB: JVNDB-2019-010731 // CNNVD: CNNVD-201910-605 // NVD: CVE-2019-15015

SOURCES

db:	CNVD	id:	CNVD-2019-36672
db:	VULMON	id:	CVE-2019-15015
db:	JVNDB	id:	JVNDB-2019-010731
db:	CNNVD	id:	CNNVD-201910-605
db:	NVD	id:	CVE-2019-15015

LAST UPDATE DATE

2024-11-23T22:55:25.595000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-36672	date:	2019-10-23T00:00:00
db:	VULMON	id:	CVE-2019-15015	date:	2023-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-010731	date:	2019-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201910-605	date:	2020-02-18T00:00:00
db:	NVD	id:	CVE-2019-15015	date:	2024-11-21T04:27:52.657

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-36672	date:	2019-10-22T00:00:00
db:	VULMON	id:	CVE-2019-15015	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010731	date:	2019-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201910-605	date:	2019-10-09T00:00:00
db:	NVD	id:	CVE-2019-15015	date:	2019-10-09T21:15:12.680