Sign-up

ID

VAR-201911-0610


CVE

CVE-2019-18647


TITLE

Untangle NG firewall Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011863

DESCRIPTION

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. Untangle NG firewall Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-18647 // JVNDB: JVNDB-2019-011863 // VULHUB: VHN-151014

AFFECTED PRODUCTS

vendor:untanglemodel:ng firewallscope:eqversion:14.2.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-011863 // NVD: CVE-2019-18647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18647
value: HIGH

Trust: 1.0

NVD: CVE-2019-18647
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-814
value: HIGH

Trust: 0.6

VULHUB: VHN-151014
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18647
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151014
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18647
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18647
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151014 // JVNDB: JVNDB-2019-011863 // CNNVD: CNNVD-201911-814 // NVD: CVE-2019-18647

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-74

Trust: 0.8

sources: VULHUB: VHN-151014 // JVNDB: JVNDB-2019-011863 // NVD: CVE-2019-18647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-814

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201911-814

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011863

PATCH
title:NG Firewallurl:https://www.untangle.com/untangle-ng-firewall/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-011863

EXTERNAL IDS
db:NVDid:CVE-2019-18647
Trust: 2.5
db:JVNDBid:JVNDB-2019-011863
Trust: 0.8
db:CNNVDid:CNNVD-201911-814
Trust: 0.6
db:VULHUBid:VHN-151014
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151014 // 
            
            
            
            JVNDB: JVNDB-2019-011863 // 
            
            
            
            CNNVD: CNNVD-201911-814 // 
            
            
            
            NVD: CVE-2019-18647

REFERENCES
url:https://gist.github.com/alm4ric/ada44ce7de9a30244c2269106c70a145
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-18647
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18647
Trust: 0.8
sources:
            
            
            VULHUB: VHN-151014 // 
            
            
            
            JVNDB: JVNDB-2019-011863 // 
            
            
            
            CNNVD: CNNVD-201911-814 // 
            
            
            
            NVD: CVE-2019-18647

SOURCES
db:VULHUBid:VHN-151014
db:JVNDBid:JVNDB-2019-011863
db:CNNVDid:CNNVD-201911-814
db:NVDid:CVE-2019-18647

LAST UPDATE DATE
2024-11-23T22:48:12.288000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151014date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-011863date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201911-814date:2020-08-25T00:00:00
db:NVDid:CVE-2019-18647date:2024-11-21T04:33:26.760

SOURCES RELEASE DATE
db:VULHUBid:VHN-151014date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-011863date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201911-814date:2019-11-14T00:00:00
db:NVDid:CVE-2019-18647date:2019-11-14T15:15:12.077