ID

VAR-201910-0937


CVE

CVE-2019-15020


TITLE

Zingbox Inspector Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010558

DESCRIPTION

A security vulnerability exists in Zingbox Inspector versions 1.293 and earlier that could allow an attacker to supply an invalid software update image to the Zingbox Inspector, which could result in command injection. Zingbox Inspector contains an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Palo Alto Networks Zingbox Inspector is a locally deployed device in the Zingbox IoT Command Center solution from Palo Alto Networks. There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.293 and earlier. The vulnerability arises when a command, data structure, or record is constructed from user input: the network system or product fails to properly verify the user's input data, and special elements are not filtered or are filtered incorrectly, which causes the system or product to parse or interpret the input incorrectly. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles.

Trust: 2.79

sources: NVD: CVE-2019-15020 // JVNDB: JVNDB-2019-010558 // CNVD: CNVD-2019-36667 // CNNVD: CNNVD-201910-612 // VULMON: CVE-2019-15020

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36667

AFFECTED PRODUCTS

vendor: zingbox, model: inspector, scope: lte, version: 1.293

Trust: 1.8

vendor: palo, model: alto networks zingbox inspector, scope: lte, version: <=1.293

Trust: 0.6

sources: CNVD: CNVD-2019-36667 // JVNDB: JVNDB-2019-010558 // NVD: CVE-2019-15020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15020
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15020
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-36667
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-612
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-15020
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15020
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36667
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36667 // VULMON: CVE-2019-15020 // JVNDB: JVNDB-2019-010558 // CNNVD: CNNVD-201910-612 // NVD: CVE-2019-15020

PROBLEMTYPE DATA

problemtype:CWE-346

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-010558 // NVD: CVE-2019-15020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-612

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-612

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010558

PATCH

title: Top Page
url: https://www.zingbox.com/

Trust: 0.8

title: Patch for Palo Alto Networks Zingbox Inspector Command Injection Vulnerability (CNVD-2019-36667)
url: https://www.cnvd.org.cn/patchInfo/show/186257

Trust: 0.6

title: Zingbox Inspector Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99256

Trust: 0.6

title: Palo Alto Networks Security Advisory:
url: https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=c976a5d22968968321875aea33e3bfb8

Trust: 0.1

title: Palo Alto Networks Security Advisory: CVE-2019-15020 Command Injection in Zingbox Inspector
url: https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=9f84605461102d5029f7785855ab24cc

Trust: 0.1

title: -
url: https://github.com/Live-Hack-CVE/CVE-2019-15020

Trust: 0.1

sources: CNVD: CNVD-2019-36667 // VULMON: CVE-2019-15020 // JVNDB: JVNDB-2019-010558 // CNNVD: CNNVD-201910-612

EXTERNAL IDS

db: NVD, id: CVE-2019-15020

Trust: 3.1

db: JVNDB, id: JVNDB-2019-010558

Trust: 0.8

db: CNVD, id: CNVD-2019-36667

Trust: 0.6

db: CNNVD, id: CNNVD-201910-612

Trust: 0.6

db: VULMON, id: CVE-2019-15020

Trust: 0.1

sources: CNVD: CNVD-2019-36667 // VULMON: CVE-2019-15020 // JVNDB: JVNDB-2019-010558 // CNNVD: CNNVD-201910-612 // NVD: CVE-2019-15020

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-15020

Trust: 2.0

url:https://security.paloaltonetworks.com/cve-2019-15020

Trust: 1.7

url:https://securityadvisories.paloaltonetworks.com/home/detail/185

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15020

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/346.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-15020

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110287

Trust: 0.1

sources: CNVD: CNVD-2019-36667 // VULMON: CVE-2019-15020 // JVNDB: JVNDB-2019-010558 // CNNVD: CNNVD-201910-612 // NVD: CVE-2019-15020

SOURCES

db: CNVD, id: CNVD-2019-36667
db: VULMON, id: CVE-2019-15020
db: JVNDB, id: JVNDB-2019-010558
db: CNNVD, id: CNNVD-201910-612
db: NVD, id: CVE-2019-15020

LAST UPDATE DATE

2024-11-23T23:08:14.230000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36667, date: 2019-10-23T00:00:00
db: VULMON, id: CVE-2019-15020, date: 2023-02-15T00:00:00
db: JVNDB, id: JVNDB-2019-010558, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-612, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-15020, date: 2024-11-21T04:27:53.210

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36667, date: 2019-10-22T00:00:00
db: VULMON, id: CVE-2019-15020, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010558, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-612, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-15020, date: 2019-10-09T21:15:13.070