Sign-up

ID

VAR-201911-1333


CVE

CVE-2019-17405


TITLE

Nokia IMPACT Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-44223 // CNNVD: CNNVD-201911-1339

DESCRIPTION

Nokia IMPACT < 18A: has Reflected self XSS. Nokia IMPACT Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Nokia IMPACT is a set of intelligent management platform for the Internet of Things of Nokia (Finland). The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Trust: 2.7

sources: NVD: CVE-2019-17405 // JVNDB: JVNDB-2019-012556 // CNVD: CNVD-2019-44223 // CNNVD: CNNVD-201911-1339

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44223

AFFECTED PRODUCTS

vendor:nokiamodel:impactscope:ltversion:18a

Trust: 1.8

vendor:nokiamodel:impact <18ascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-44223 // JVNDB: JVNDB-2019-012556 // NVD: CVE-2019-17405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17405
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-17405
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44223
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1339
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-17405
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44223
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-17405
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-17405
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44223 // JVNDB: JVNDB-2019-012556 // CNNVD: CNNVD-201911-1339 // NVD: CVE-2019-17405

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-012556 // NVD: CVE-2019-17405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1339

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201911-1339

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012556

PATCH
title:Impact IoT platformurl:https://www.nokia.com/networks/solutions/impact-iot-platform/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012556

EXTERNAL IDS
db:NVDid:CVE-2019-17405
Trust: 3.0
db:JVNDBid:JVNDB-2019-012556
Trust: 0.8
db:CNVDid:CNVD-2019-44223
Trust: 0.6
db:CNNVDid:CNNVD-201911-1339
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44223 // 
            
            
            
            JVNDB: JVNDB-2019-012556 // 
            
            
            
            CNNVD: CNNVD-201911-1339 // 
            
            
            
            NVD: CVE-2019-17405

REFERENCES
url:https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-17405
Trust: 2.0
url:https://www.nokia.com/networks/solutions/impact-iot-platform/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17405
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-44223 // 
            
            
            
            JVNDB: JVNDB-2019-012556 // 
            
            
            
            CNNVD: CNNVD-201911-1339 // 
            
            
            
            NVD: CVE-2019-17405

SOURCES
db:CNVDid:CNVD-2019-44223
db:JVNDBid:JVNDB-2019-012556
db:CNNVDid:CNNVD-201911-1339
db:NVDid:CVE-2019-17405

LAST UPDATE DATE
2024-11-23T23:08:09.083000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44223date:2019-12-06T00:00:00
db:JVNDBid:JVNDB-2019-012556date:2019-12-05T00:00:00
db:CNNVDid:CNNVD-201911-1339date:2019-12-05T00:00:00
db:NVDid:CVE-2019-17405date:2024-11-21T04:32:16.720

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44223date:2019-12-06T00:00:00
db:JVNDBid:JVNDB-2019-012556date:2019-12-05T00:00:00
db:CNNVDid:CNNVD-201911-1339date:2019-11-25T00:00:00
db:NVDid:CVE-2019-17405date:2019-11-25T15:15:35.357