ID

VAR-201910-0933


CVE

CVE-2019-15016


TITLE

Palo Alto Networks Zingbox Inspector SQL injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-36673 // CNNVD: CNNVD-201910-606

DESCRIPTION

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier that allows unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Palo Alto Networks Zingbox Inspector is a locally deployed device in the Zingbox IoT Command Center (IoT Control Center) solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands.

Trust: 2.79

sources: NVD: CVE-2019-15016 // JVNDB: JVNDB-2019-010563 // CNVD: CNVD-2019-36673 // CNNVD: CNNVD-201910-606 // VULMON: CVE-2019-15016

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36673

AFFECTED PRODUCTS

vendor: zingbox, model: inspector, scope: lte, version: 1.288

Trust: 1.8

vendor: palo, model: alto networks zingbox inspector, scope: lte, version: <=1.288

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: 1.288

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: 1.286

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: -

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: 1.281

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: 1.280

Trust: 0.6

vendor: zingbox, model: inspector, scope: eq, version: 1.287

Trust: 0.6

sources: CNVD: CNVD-2019-36673 // JVNDB: JVNDB-2019-010563 // CNNVD: CNNVD-201910-606 // NVD: CVE-2019-15016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15016
value: HIGH

Trust: 1.0

NVD: CVE-2019-15016
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36673
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-606
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15016
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15016
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36673
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15016
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15016
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36673 // VULMON: CVE-2019-15016 // JVNDB: JVNDB-2019-010563 // CNNVD: CNNVD-201910-606 // NVD: CVE-2019-15016

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2019-010563 // NVD: CVE-2019-15016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-606

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010563

PATCH

title: Top Page
url: https://www.zingbox.com/

Trust: 0.8

title: Patch for Palo Alto Networks Zingbox Inspector SQL injection vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/186335

Trust: 0.6

title: Repair measures for the Zingbox Inspector SQL injection vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99250

Trust: 0.6

title: Palo Alto Networks Security Advisory:
url: https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=dfa40f4cc53a56eced3ccfb730642543

Trust: 0.1

title: Palo Alto Networks Security Advisory: CVE-2019-15016 SQL Injection in Zingbox Inspector
url: https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=bc571911c016e8ec324aaddf315ae1b3

Trust: 0.1

title: -
url: https://github.com/Live-Hack-CVE/CVE-2019-15016

Trust: 0.1

sources: CNVD: CNVD-2019-36673 // VULMON: CVE-2019-15016 // JVNDB: JVNDB-2019-010563 // CNNVD: CNNVD-201910-606

EXTERNAL IDS

db: NVD, id: CVE-2019-15016

Trust: 3.1

db: JVNDB, id: JVNDB-2019-010563

Trust: 0.8

db: CNVD, id: CNVD-2019-36673

Trust: 0.6

db: CNNVD, id: CNNVD-201910-606

Trust: 0.6

db: VULMON, id: CVE-2019-15016

Trust: 0.1

sources: CNVD: CNVD-2019-36673 // VULMON: CVE-2019-15016 // JVNDB: JVNDB-2019-010563 // CNNVD: CNNVD-201910-606 // NVD: CVE-2019-15016

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-15016

Trust: 2.0

url: https://security.paloaltonetworks.com/cve-2019-15016

Trust: 1.7

url: https://securityadvisories.paloaltonetworks.com/home/detail/173

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15016

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2019-15016

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110275

Trust: 0.1

sources: CNVD: CNVD-2019-36673 // VULMON: CVE-2019-15016 // JVNDB: JVNDB-2019-010563 // CNNVD: CNNVD-201910-606 // NVD: CVE-2019-15016

SOURCES

db: CNVD, id: CNVD-2019-36673
db: VULMON, id: CVE-2019-15016
db: JVNDB, id: JVNDB-2019-010563
db: CNNVD, id: CNNVD-201910-606
db: NVD, id: CVE-2019-15016

LAST UPDATE DATE

2024-11-23T21:36:34.975000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36673, date: 2019-10-23T00:00:00
db: VULMON, id: CVE-2019-15016, date: 2023-02-04T00:00:00
db: JVNDB, id: JVNDB-2019-010563, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-606, date: 2020-02-18T00:00:00
db: NVD, id: CVE-2019-15016, date: 2024-11-21T04:27:52.773

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36673, date: 2019-10-22T00:00:00
db: VULMON, id: CVE-2019-15016, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010563, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-606, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-15016, date: 2019-10-09T21:15:12.757