ID

VAR-201911-0611


CVE

CVE-2019-18648


TITLE

Untangle NG firewall vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-011864

DESCRIPTION

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Untangle NG firewall contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The product supports functions such as network traffic monitoring, content filtering and security threat protection. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-18648 // JVNDB: JVNDB-2019-011864 // VULHUB: VHN-151015

AFFECTED PRODUCTS

vendor: untangle, model: ng firewall, scope: eq, version: 14.2.0

Trust: 2.4

sources: JVNDB: JVNDB-2019-011864 // CNNVD: CNNVD-201911-816 // NVD: CVE-2019-18648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18648
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18648
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-816
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151015
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-18648
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151015
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18648
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-18648
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151015 // JVNDB: JVNDB-2019-011864 // CNNVD: CNNVD-201911-816 // NVD: CVE-2019-18648

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-151015 // JVNDB: JVNDB-2019-011864 // NVD: CVE-2019-18648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-816

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201911-816

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011864

PATCH

title: NG Firewall, url: https://www.untangle.com/untangle-ng-firewall/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011864

EXTERNAL IDS

db: NVD, id: CVE-2019-18648

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011864

Trust: 0.8

db: CNNVD, id: CNNVD-201911-816

Trust: 0.7

db: VULHUB, id: VHN-151015

Trust: 0.1

sources: VULHUB: VHN-151015 // JVNDB: JVNDB-2019-011864 // CNNVD: CNNVD-201911-816 // NVD: CVE-2019-18648

REFERENCES

url:https://gist.github.com/alm4ric/ada44ce7de9a30244c2269106c70a145

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-18648

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18648

Trust: 0.8

sources: VULHUB: VHN-151015 // JVNDB: JVNDB-2019-011864 // CNNVD: CNNVD-201911-816 // NVD: CVE-2019-18648

SOURCES

db: VULHUB, id: VHN-151015
db: JVNDB, id: JVNDB-2019-011864
db: CNNVD, id: CNNVD-201911-816
db: NVD, id: CVE-2019-18648

LAST UPDATE DATE

2024-11-23T23:08:13.144000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151015, date: 2019-11-14T00:00:00
db: JVNDB, id: JVNDB-2019-011864, date: 2019-11-20T00:00:00
db: CNNVD, id: CNNVD-201911-816, date: 2019-11-29T00:00:00
db: NVD, id: CVE-2019-18648, date: 2024-11-21T04:33:26.890

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151015, date: 2019-11-14T00:00:00
db: JVNDB, id: JVNDB-2019-011864, date: 2019-11-20T00:00:00
db: CNNVD, id: CNNVD-201911-816, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-18648, date: 2019-11-14T15:15:12.153