Sign-up

ID

VAR-201910-0939


CVE

CVE-2019-15022


TITLE

Zingbox Inspector Vulnerabilities in spoofing authentication bypass

Trust: 0.8

sources: JVNDB: JVNDB-2019-010560

DESCRIPTION

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. An attacker could use this vulnerability to obtain sensitive information or cause a denial of service. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. Attackers can use this vulnerability to perform ARP spoofing attacks

Trust: 2.79

sources: NVD: CVE-2019-15022 // JVNDB: JVNDB-2019-010560 // CNVD: CNVD-2019-36669 // CNNVD: CNNVD-201910-617 // VULMON: CVE-2019-15022

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36669

AFFECTED PRODUCTS

vendor:zingboxmodel:inspectorscope:lteversion:1.294

Trust: 1.8

vendor:palomodel:alto networks zingbox inspectorscope:lteversion:<=1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.288

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.286

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.293

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion: -

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.281

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.280

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.287

Trust: 0.6

sources: CNVD: CNVD-2019-36669 // JVNDB: JVNDB-2019-010560 // CNNVD: CNNVD-201910-617 // NVD: CVE-2019-15022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15022
value: HIGH

Trust: 1.0

NVD: CVE-2019-15022
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36669
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-617
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15022
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15022
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36669
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15022
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15022
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36669 // VULMON: CVE-2019-15022 // JVNDB: JVNDB-2019-010560 // CNNVD: CNNVD-201910-617 // NVD: CVE-2019-15022

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.8

sources: JVNDB: JVNDB-2019-010560 // NVD: CVE-2019-15022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-617

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-617

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010560

PATCH
title:Top Pageurl:https://www.zingbox.com/
Trust: 0.8
title:Patch for Palo Alto Networks Zingbox Inspector Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/186171
Trust: 0.6
title:Zingbox Inspector Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99260
Trust: 0.6
title:Palo Alto Networks Security Advisory: CVE-2019-15022 ARP Spoofing in Zingbox Inspectorurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=e008cfcabf3ac9e7d4a741821984c947
Trust: 0.1
title:Palo Alto Networks Security Advisory: url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=56ac1dcb82286a9304dfe09c7fd64438
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-15022 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36669 // 
            
            
            
            VULMON: CVE-2019-15022 // 
            
            
            
            JVNDB: JVNDB-2019-010560 // 
            
            
            
            CNNVD: CNNVD-201910-617

EXTERNAL IDS
db:NVDid:CVE-2019-15022
Trust: 3.1
db:JVNDBid:JVNDB-2019-010560
Trust: 0.8
db:CNVDid:CNVD-2019-36669
Trust: 0.6
db:CNNVDid:CNNVD-201910-617
Trust: 0.6
db:VULMONid:CVE-2019-15022
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36669 // 
            
            
            
            VULMON: CVE-2019-15022 // 
            
            
            
            JVNDB: JVNDB-2019-010560 // 
            
            
            
            CNNVD: CNNVD-201910-617 // 
            
            
            
            NVD: CVE-2019-15022

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15022
Trust: 2.0
url:https://security.paloaltonetworks.com/cve-2019-15022
Trust: 1.7
url:https://securityadvisories.paloaltonetworks.com/home/detail/191
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15022
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/290.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-15022
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110979
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36669 // 
            
            
            
            VULMON: CVE-2019-15022 // 
            
            
            
            JVNDB: JVNDB-2019-010560 // 
            
            
            
            CNNVD: CNNVD-201910-617 // 
            
            
            
            NVD: CVE-2019-15022

SOURCES
db:CNVDid:CNVD-2019-36669
db:VULMONid:CVE-2019-15022
db:JVNDBid:JVNDB-2019-010560
db:CNNVDid:CNNVD-201910-617
db:NVDid:CVE-2019-15022

LAST UPDATE DATE
2024-11-23T22:16:48.375000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36669date:2019-10-23T00:00:00
db:VULMONid:CVE-2019-15022date:2023-02-15T00:00:00
db:JVNDBid:JVNDB-2019-010560date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-617date:2020-02-18T00:00:00
db:NVDid:CVE-2019-15022date:2024-11-21T04:27:53.433

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36669date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-15022date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010560date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-617date:2019-10-09T00:00:00
db:NVDid:CVE-2019-15022date:2019-10-09T21:15:13.210