Sign-up

ID

VAR-201911-0441


CVE

CVE-2019-15652


TITLE

NSSLGlobal Technologies SatLink VSAT Modem Unit Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-45015 // CNNVD: CNNVD-201911-1301

DESCRIPTION

The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code. NSSLGlobal SatLink VSAT Modem Unit (VMU) The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NSSLGlobal Technologies SatLink VSAT Modem Unit (VMU) is a Very Small Aperture Terminal (VSAT) modem from NSSLGlobal Technologies. Cross-site scripting vulnerability exists in the web interface in NSSLGlobal Technologies SatLink VMU versions prior to 18.1.0. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2019-15652 // JVNDB: JVNDB-2019-012587 // CNVD: CNVD-2019-45015

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-45015

AFFECTED PRODUCTS

vendor:nssglobalmodel:vmu softwarescope:ltversion:18.1.0

Trust: 1.0

vendor:nsslglobalmodel:vmu softwarescope:ltversion:18.1.0

Trust: 0.8

vendor:nsslglobalmodel:satlink vmuscope:ltversion:18.1.0

Trust: 0.6

vendor:nssglobalmodel:satlink 2000scope:eqversion: -

Trust: 0.6

vendor:nssglobalmodel:satlink 2910scope:eqversion: -

Trust: 0.6

vendor:nssglobalmodel:satlink 2900scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-45015 // JVNDB: JVNDB-2019-012587 // CNNVD: CNNVD-201911-1301 // NVD: CVE-2019-15652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15652
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15652
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-45015
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1301
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15652
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45015
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15652
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-15652
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-45015 // JVNDB: JVNDB-2019-012587 // CNNVD: CNNVD-201911-1301 // NVD: CVE-2019-15652

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-012587 // NVD: CVE-2019-15652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1301

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201911-1301

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012587

PATCH
title:Top Pageurl:https://www.nsslglobal.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012587

EXTERNAL IDS
db:NVDid:CVE-2019-15652
Trust: 3.0
db:JVNDBid:JVNDB-2019-012587
Trust: 0.8
db:CNVDid:CNVD-2019-45015
Trust: 0.6
db:CNNVDid:CNNVD-201911-1301
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-45015 // 
            
            
            
            JVNDB: JVNDB-2019-012587 // 
            
            
            
            CNNVD: CNNVD-201911-1301 // 
            
            
            
            NVD: CVE-2019-15652

REFERENCES
url:https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-15652-satlink-vsat-vulnerabilities/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15652
Trust: 2.0
url:https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26455
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15652
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-45015 // 
            
            
            
            JVNDB: JVNDB-2019-012587 // 
            
            
            
            CNNVD: CNNVD-201911-1301 // 
            
            
            
            NVD: CVE-2019-15652

SOURCES
db:CNVDid:CNVD-2019-45015
db:JVNDBid:JVNDB-2019-012587
db:CNNVDid:CNNVD-201911-1301
db:NVDid:CVE-2019-15652

LAST UPDATE DATE
2024-11-23T22:16:47.161000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-45015date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-012587date:2019-12-05T00:00:00
db:CNNVDid:CNNVD-201911-1301date:2019-12-05T00:00:00
db:NVDid:CVE-2019-15652date:2024-11-21T04:29:12.440

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-45015date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-012587date:2019-12-05T00:00:00
db:CNNVDid:CNNVD-201911-1301date:2019-11-22T00:00:00
db:NVDid:CVE-2019-15652date:2019-11-22T18:15:10.843