Sign-up

ID

VAR-201910-0940


CVE

CVE-2019-15023


TITLE

Zingbox Inspector Vulnerabilities related to clearing important information in plaintext

Trust: 0.8

sources: JVNDB: JVNDB-2019-010561

DESCRIPTION

A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Zingbox Inspector Contains a vulnerability in the clearing of important information.Information may be obtained. An attacker could use this vulnerability to obtain third-party integrated user credentials. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.294 and earlier

Trust: 2.79

sources: NVD: CVE-2019-15023 // JVNDB: JVNDB-2019-010561 // CNVD: CNVD-2019-36670 // CNNVD: CNNVD-201910-618 // VULMON: CVE-2019-15023

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36670

AFFECTED PRODUCTS

vendor:zingboxmodel:inspectorscope:lteversion:1.294

Trust: 1.8

vendor:palomodel:alto networks zingbox inspectorscope:lteversion:<=1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.288

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.286

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.293

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion: -

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.281

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.280

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.294

Trust: 0.6

vendor:zingboxmodel:inspectorscope:eqversion:1.287

Trust: 0.6

sources: CNVD: CNVD-2019-36670 // JVNDB: JVNDB-2019-010561 // CNNVD: CNNVD-201910-618 // NVD: CVE-2019-15023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15023
value: HIGH

Trust: 1.0

NVD: CVE-2019-15023
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36670
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-618
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15023
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15023
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-36670
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15023
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15023
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36670 // VULMON: CVE-2019-15023 // JVNDB: JVNDB-2019-010561 // CNNVD: CNNVD-201910-618 // NVD: CVE-2019-15023

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.8

sources: JVNDB: JVNDB-2019-010561 // NVD: CVE-2019-15023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-618

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-618

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010561

PATCH
title:Top Pageurl:https://www.zingbox.com/
Trust: 0.8
title:Patch for Unknown vulnerability in Palo Alto Networks Zingbox Inspectorurl:https://www.cnvd.org.cn/patchInfo/show/186161
Trust: 0.6
title:Zingbox Inspector Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99261
Trust: 0.6
title:Palo Alto Networks Security Advisory: CVE-2019-15023 Insecure Password Storage in Zingbox Inspectorurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=ee8fe564b4f70fc2f055d5ff6310321b
Trust: 0.1
title:Palo Alto Networks Security Advisory: url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=e32bb68a52a188d42f081e83f8446dfe
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-15023 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36670 // 
            
            
            
            VULMON: CVE-2019-15023 // 
            
            
            
            JVNDB: JVNDB-2019-010561 // 
            
            
            
            CNNVD: CNNVD-201910-618

EXTERNAL IDS
db:NVDid:CVE-2019-15023
Trust: 3.1
db:JVNDBid:JVNDB-2019-010561
Trust: 0.8
db:CNVDid:CNVD-2019-36670
Trust: 0.6
db:CNNVDid:CNNVD-201910-618
Trust: 0.6
db:VULMONid:CVE-2019-15023
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36670 // 
            
            
            
            VULMON: CVE-2019-15023 // 
            
            
            
            JVNDB: JVNDB-2019-010561 // 
            
            
            
            CNNVD: CNNVD-201910-618 // 
            
            
            
            NVD: CVE-2019-15023

REFERENCES
url:https://securityadvisories.paloaltonetworks.com/home/detail/194
Trust: 2.0
url:https://security.paloaltonetworks.com/cve-2019-15023
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-15023
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15023
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/312.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-15023
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110292
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-36670 // 
            
            
            
            VULMON: CVE-2019-15023 // 
            
            
            
            JVNDB: JVNDB-2019-010561 // 
            
            
            
            CNNVD: CNNVD-201910-618 // 
            
            
            
            NVD: CVE-2019-15023

SOURCES
db:CNVDid:CNVD-2019-36670
db:VULMONid:CVE-2019-15023
db:JVNDBid:JVNDB-2019-010561
db:CNNVDid:CNNVD-201910-618
db:NVDid:CVE-2019-15023

LAST UPDATE DATE
2024-11-23T22:44:48.624000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36670date:2019-10-23T00:00:00
db:VULMONid:CVE-2019-15023date:2023-02-15T00:00:00
db:JVNDBid:JVNDB-2019-010561date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-618date:2020-02-18T00:00:00
db:NVDid:CVE-2019-15023date:2024-11-21T04:27:53.543

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36670date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-15023date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010561date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-618date:2019-10-09T00:00:00
db:NVDid:CVE-2019-15023date:2019-10-09T21:15:13.273