Sign-up

ID

VAR-201910-0936


CVE

CVE-2019-15019


TITLE

Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-36666 // CNNVD: CNNVD-201910-611

DESCRIPTION

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Zingbox Inspector Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from network systems or products that did not properly validate the input data. No detailed vulnerability details are provided at this time

Trust: 2.79

sources: NVD: CVE-2019-15019 // JVNDB: JVNDB-2019-010565 // CNVD: CNVD-2019-36666 // CNNVD: CNNVD-201910-611 // VULMON: CVE-2019-15019

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36666

AFFECTED PRODUCTS

vendor:zingboxmodel:inspectorscope:lteversion:1.294

Trust: 1.8

vendor:palomodel:alto networks zingbox inspectorscope:lteversion:<=1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.288

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.286

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.293

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion: -

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.281

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.280

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.287

Trust: 0.6

sources: CNVD: CNVD-2019-36666 // JVNDB: JVNDB-2019-010565 // CNNVD: CNNVD-201910-611 // NVD: CVE-2019-15019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15019
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15019
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-36666
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-611
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-15019
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15019
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36666
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15019
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15019
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36666 // VULMON: CVE-2019-15019 // JVNDB: JVNDB-2019-010565 // CNNVD: CNNVD-201910-611 // NVD: CVE-2019-15019

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-010565 // NVD: CVE-2019-15019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-611

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-611

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010565

PATCH
title:Top Pageurl:https://www.zingbox.com/
Trust: 0.8
title:Patch for Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/186307
Trust: 0.6
title:Zingbox Inspector Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99255
Trust: 0.6
title:Palo Alto Networks Security Advisory: url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=ffd560113b69675028ec4c8094908e61
Trust: 0.1
title:Palo Alto Networks Security Advisory: CVE-2019-15019 Insecure Firmware Validation in Zingbox Inspectorurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=741d220154ade0c76bd50ba55854f456
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-15019 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36666 // 
            
            
            
            VULMON: CVE-2019-15019 // 
            
            
            
            JVNDB: JVNDB-2019-010565 // 
            
            
            
            CNNVD: CNNVD-201910-611

EXTERNAL IDS
db:NVDid:CVE-2019-15019
Trust: 3.1
db:JVNDBid:JVNDB-2019-010565
Trust: 0.8
db:CNVDid:CNVD-2019-36666
Trust: 0.6
db:CNNVDid:CNNVD-201910-611
Trust: 0.6
db:VULMONid:CVE-2019-15019
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36666 // 
            
            
            
            VULMON: CVE-2019-15019 // 
            
            
            
            JVNDB: JVNDB-2019-010565 // 
            
            
            
            CNNVD: CNNVD-201910-611 // 
            
            
            
            NVD: CVE-2019-15019

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15019
Trust: 2.0
url:https://security.paloaltonetworks.com/cve-2019-15019
Trust: 1.7
url:https://securityadvisories.paloaltonetworks.com/home/detail/182
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15019
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-15019
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110281
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36666 // 
            
            
            
            VULMON: CVE-2019-15019 // 
            
            
            
            JVNDB: JVNDB-2019-010565 // 
            
            
            
            CNNVD: CNNVD-201910-611 // 
            
            
            
            NVD: CVE-2019-15019

SOURCES
db:CNVDid:CNVD-2019-36666
db:VULMONid:CVE-2019-15019
db:JVNDBid:JVNDB-2019-010565
db:CNNVDid:CNNVD-201910-611
db:NVDid:CVE-2019-15019

LAST UPDATE DATE
2024-11-23T22:11:47.768000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36666date:2019-10-23T00:00:00
db:VULMONid:CVE-2019-15019date:2023-02-15T00:00:00
db:JVNDBid:JVNDB-2019-010565date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-611date:2020-02-18T00:00:00
db:NVDid:CVE-2019-15019date:2024-11-21T04:27:53.100

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36666date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-15019date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010565date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-611date:2019-10-09T00:00:00
db:NVDid:CVE-2019-15019date:2019-10-09T21:15:13.007