Sign-up

ID

VAR-201910-0938


CVE

CVE-2019-15021


TITLE

Zingbox Inspector Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010559

DESCRIPTION

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Zingbox Inspector Contains an information disclosure vulnerability.Information may be obtained. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks. A code issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components

Trust: 2.7

sources: NVD: CVE-2019-15021 // JVNDB: JVNDB-2019-010559 // CNVD: CNVD-2019-36668 // CNNVD: CNNVD-201910-613

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36668

AFFECTED PRODUCTS

vendor:zingboxmodel:inspectorscope:lteversion:1.294

Trust: 1.8

vendor:palomodel:alto networks zingbox inspectorscope:lteversion:<=1.294

Trust: 0.6

sources: CNVD: CNVD-2019-36668 // JVNDB: JVNDB-2019-010559 // NVD: CVE-2019-15021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15021
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15021
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36668
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-613
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15021
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36668
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15021
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15021
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36668 // JVNDB: JVNDB-2019-010559 // CNNVD: CNNVD-201910-613 // NVD: CVE-2019-15021

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-010559 // NVD: CVE-2019-15021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-613

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-613

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010559

PATCH
title:Top Pageurl:https://www.zingbox.com/
Trust: 0.8
title:Patch for Palo Alto Networks Zingbox Inspector Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/186233
Trust: 0.6
title:Zingbox Inspector Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99257
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-36668 // 
            
            
            
            JVNDB: JVNDB-2019-010559 // 
            
            
            
            CNNVD: CNNVD-201910-613

EXTERNAL IDS
db:NVDid:CVE-2019-15021
Trust: 3.0
db:JVNDBid:JVNDB-2019-010559
Trust: 0.8
db:CNVDid:CNVD-2019-36668
Trust: 0.6
db:CNNVDid:CNNVD-201910-613
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-36668 // 
            
            
            
            JVNDB: JVNDB-2019-010559 // 
            
            
            
            CNNVD: CNNVD-201910-613 // 
            
            
            
            NVD: CVE-2019-15021

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15021
Trust: 2.0
url:https://security.paloaltonetworks.com/cve-2019-15021
Trust: 1.6
url:https://securityadvisories.paloaltonetworks.com/home/detail/188
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15021
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-36668 // 
            
            
            
            JVNDB: JVNDB-2019-010559 // 
            
            
            
            CNNVD: CNNVD-201910-613 // 
            
            
            
            NVD: CVE-2019-15021

SOURCES
db:CNVDid:CNVD-2019-36668
db:JVNDBid:JVNDB-2019-010559
db:CNNVDid:CNNVD-201910-613
db:NVDid:CVE-2019-15021

LAST UPDATE DATE
2024-11-23T22:48:13.486000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36668date:2019-10-23T00:00:00
db:JVNDBid:JVNDB-2019-010559date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-613date:2022-01-04T00:00:00
db:NVDid:CVE-2019-15021date:2024-11-21T04:27:53.323

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36668date:2019-10-22T00:00:00
db:JVNDBid:JVNDB-2019-010559date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-613date:2019-10-09T00:00:00
db:NVDid:CVE-2019-15021date:2019-10-09T21:15:13.133