Sign-up

ID

VAR-201910-0934


CVE

CVE-2019-15017


TITLE

Zingbox Inspector Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-010612

DESCRIPTION

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components

Trust: 2.79

sources: NVD: CVE-2019-15017 // JVNDB: JVNDB-2019-010612 // CNVD: CNVD-2019-36674 // CNNVD: CNNVD-201910-608 // VULMON: CVE-2019-15017

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36674

AFFECTED PRODUCTS

vendor:zingboxmodel:inspectorscope:lteversion:1.294

Trust: 1.8

vendor:palomodel:alto networks zingbox inspectorscope:lteversion:<=1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.288

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.286

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.293

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion: -

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.281

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.280

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.287

Trust: 0.6

sources: CNVD: CNVD-2019-36674 // JVNDB: JVNDB-2019-010612 // CNNVD: CNNVD-201910-608 // NVD: CVE-2019-15017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15017
value: HIGH

Trust: 1.0

NVD: CVE-2019-15017
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36674
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-608
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15017
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15017
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36674
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15017
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15017
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36674 // VULMON: CVE-2019-15017 // JVNDB: JVNDB-2019-010612 // CNNVD: CNNVD-201910-608 // NVD: CVE-2019-15017

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-010612 // NVD: CVE-2019-15017

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-608

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-608

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010612

PATCH
title:Top Pageurl:https://www.zingbox.com/
Trust: 0.8
title:Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36674)url:https://www.cnvd.org.cn/patchInfo/show/186331
Trust: 0.6
title:Zingbox Inspector Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99252
Trust: 0.6
title:Palo Alto Networks Security Advisory: url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=669c464610c267eab07ee2d5e1821107
Trust: 0.1
title:Palo Alto Networks Security Advisory: CVE-2019-15017 SSH Service Exposed in Zingbox Inspectorurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=52a53343fc1cdd39ddcf8338d55a15b5
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-15017 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36674 // 
            
            
            
            VULMON: CVE-2019-15017 // 
            
            
            
            JVNDB: JVNDB-2019-010612 // 
            
            
            
            CNNVD: CNNVD-201910-608

EXTERNAL IDS
db:NVDid:CVE-2019-15017
Trust: 3.1
db:JVNDBid:JVNDB-2019-010612
Trust: 0.8
db:CNVDid:CNVD-2019-36674
Trust: 0.6
db:CNNVDid:CNNVD-201910-608
Trust: 0.6
db:VULMONid:CVE-2019-15017
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36674 // 
            
            
            
            VULMON: CVE-2019-15017 // 
            
            
            
            JVNDB: JVNDB-2019-010612 // 
            
            
            
            CNNVD: CNNVD-201910-608 // 
            
            
            
            NVD: CVE-2019-15017

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15017
Trust: 2.0
url:https://security.paloaltonetworks.com/cve-2019-15017
Trust: 1.7
url:https://securityadvisories.paloaltonetworks.com/home/detail/176
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15017
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-15017
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110276
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36674 // 
            
            
            
            VULMON: CVE-2019-15017 // 
            
            
            
            JVNDB: JVNDB-2019-010612 // 
            
            
            
            CNNVD: CNNVD-201910-608 // 
            
            
            
            NVD: CVE-2019-15017

SOURCES
db:CNVDid:CNVD-2019-36674
db:VULMONid:CVE-2019-15017
db:JVNDBid:JVNDB-2019-010612
db:CNNVDid:CNNVD-201910-608
db:NVDid:CVE-2019-15017

LAST UPDATE DATE
2024-11-23T23:04:36.736000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36674date:2019-10-23T00:00:00
db:VULMONid:CVE-2019-15017date:2023-02-04T00:00:00
db:JVNDBid:JVNDB-2019-010612date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-608date:2020-02-18T00:00:00
db:NVDid:CVE-2019-15017date:2024-11-21T04:27:52.883

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36674date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-15017date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010612date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-608date:2019-10-09T00:00:00
db:NVDid:CVE-2019-15017date:2019-10-09T21:15:12.837