ID

VAR-201911-0609


CVE

CVE-2019-18646


TITLE

SQL Injection Vulnerability in Untangle NG Firewall

Trust: 0.8

sources: JVNDB: JVNDB-2019-011865

DESCRIPTION

Untangle NG Firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection in the timeDataDynamicColumn parameter when logged in as an admin user. Untangle NG Firewall is a firewall product from Untangle, a company in the United States. The product supports functions such as network traffic monitoring, content filtering and security threat protection. The vulnerability stems from a lack of validation of externally supplied SQL statements in the database-backed application. Attackers can exploit this vulnerability to execute unauthorized SQL commands.

Trust: 1.71

sources: NVD: CVE-2019-18646 // JVNDB: JVNDB-2019-011865 // VULHUB: VHN-151013

AFFECTED PRODUCTS

vendor: untangle, model: ng firewall, scope: eq, version: 14.2.0

Trust: 2.4

sources: JVNDB: JVNDB-2019-011865 // CNNVD: CNNVD-201911-813 // NVD: CVE-2019-18646

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-18646
value: HIGH

Trust: 1.0

NVD: CVE-2019-18646
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-813
value: HIGH

Trust: 0.6

VULHUB: VHN-151013
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-18646
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151013
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-18646
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18646
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151013 // JVNDB: JVNDB-2019-011865 // CNNVD: CNNVD-201911-813 // NVD: CVE-2019-18646

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-151013 // JVNDB: JVNDB-2019-011865 // NVD: CVE-2019-18646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-813

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201911-813

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011865

PATCH

title: NG Firewall, url: https://www.untangle.com/untangle-ng-firewall/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011865

EXTERNAL IDS

db: NVD, id: CVE-2019-18646

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011865

Trust: 0.8

db: CNNVD, id: CNNVD-201911-813

Trust: 0.7

db: VULHUB, id: VHN-151013

Trust: 0.1

sources: VULHUB: VHN-151013 // JVNDB: JVNDB-2019-011865 // CNNVD: CNNVD-201911-813 // NVD: CVE-2019-18646

REFERENCES

url:https://gist.github.com/alm4ric/ada44ce7de9a30244c2269106c70a145

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-18646

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18646

Trust: 0.8

sources: VULHUB: VHN-151013 // JVNDB: JVNDB-2019-011865 // CNNVD: CNNVD-201911-813 // NVD: CVE-2019-18646

SOURCES

db: VULHUB, id: VHN-151013
db: JVNDB, id: JVNDB-2019-011865
db: CNNVD, id: CNNVD-201911-813
db: NVD, id: CVE-2019-18646

LAST UPDATE DATE

2024-11-23T23:08:13.169000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151013, date: 2019-11-14T00:00:00
db: JVNDB, id: JVNDB-2019-011865, date: 2019-11-20T00:00:00
db: CNNVD, id: CNNVD-201911-813, date: 2019-11-29T00:00:00
db: NVD, id: CVE-2019-18646, date: 2024-11-21T04:33:26.630

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151013, date: 2019-11-14T00:00:00
db: JVNDB, id: JVNDB-2019-011865, date: 2019-11-20T00:00:00
db: CNNVD, id: CNNVD-201911-813, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-18646, date: 2019-11-14T15:15:12.013