Sign-up

ID

VAR-201912-0083


CVE

CVE-2019-6026


TITLE

Multiple MOTEX products vulnerable to privilege escalation

Trust: 0.8

sources: JVNDB: JVNDB-2019-000072

DESCRIPTION

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. OTEX LanScope Cat and LanScope An are products of Japanese MOTEX company. LanScope Cat is a set of asset monitoring and management software. LanScope An is a smart device management tool. There are security holes in MOTEX LanScope An and LanScope Cat. An attacker could use this vulnerability to gain unauthorized permissions and execute arbitrary code

Trust: 2.16

sources: NVD: CVE-2019-6026 // JVNDB: JVNDB-2019-000072 // CNVD: CNVD-2020-03064

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03064

AFFECTED PRODUCTS

vendor:motexmodel:lanscope anscope:ltversion:2.7.7.0

Trust: 1.6

vendor:motexmodel:lanscope anscope:ltversion:3.0.8.1

Trust: 1.6

vendor:motexmodel:lanscope cat detection agentscope:gteversion:9.0.0.0

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:lteversion:9.1.0.8

Trust: 1.0

vendor:motexmodel:lanscope cat server monitoring agentscope:ltversion:9.2.2.0

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:ltversion:8.4.3.2

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:lteversion:9.2.0.3

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:gteversion:9.0.0.0

Trust: 1.0

vendor:motexmodel:lanscope anscope:gteversion:3.0.0.0

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:lteversion:9.0.1.9

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:lteversion:9.1.0.8

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:gteversion:9.1.0.0

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:gteversion:9.2.0.0

Trust: 1.0

vendor:motexmodel:lanscope anscope:gteversion:2.0.0.0

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:ltversion:8.4.3.2

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:lteversion:9.2.0.3

Trust: 1.0

vendor:motexmodel:lanscope cat detection agentscope:lteversion:9.0.1.9

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:gteversion:9.1.0.0

Trust: 1.0

vendor:motexmodel:lanscope cat client programscope:gteversion:9.2.0.0

Trust: 1.0

vendor:motexmodel:lanscope anscope:eqversion:prior to ver 2.7.7.0 (lanscope an 2 series)

Trust: 0.8

vendor:motexmodel:lanscope anscope:eqversion:prior to ver 3.0.8.1 (lanscope an 3 series)

Trust: 0.8

vendor:motexmodel:lanscope catscope:eqversion:prior to ver.9.2.1.0 (*1)

Trust: 0.8

vendor:motexmodel:lanscope catscope:eqversion:prior to ver.9.2.2.0 (*2)

Trust: 0.8

vendor:motexmodel:lanscope catscope:ltversion:9.2.1.0

Trust: 0.6

vendor:motexmodel:lanscope catscope:ltversion:9.2.2.0

Trust: 0.6

sources: CNVD: CNVD-2020-03064 // JVNDB: JVNDB-2019-000072 // NVD: CVE-2019-6026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6026
value: HIGH

Trust: 1.0

IPA: JVNDB-2019-000072
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03064
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-154
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-6026
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2019-000072
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-03064
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6026
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2019-000072
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03064 // JVNDB: JVNDB-2019-000072 // CNNVD: CNNVD-201912-154 // NVD: CVE-2019-6026

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2019-000072 // NVD: CVE-2019-6026

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-154

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-154

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-000072

PATCH
title:A privilege escalation vulnerability in LanScope Cat/LanScope An. (CVE-2019-6026)url:https://www.motex.co.jp/news/notice/2019/release191202/
Trust: 0.8
title:Patch for Unknown vulnerability in MOTEX LanScope Cat and LanScope Anurl:https://www.cnvd.org.cn/patchInfo/show/196967
Trust: 0.6
title:MOTEX LanScope Cat  and LanScope An Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105879
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03064 // 
            
            
            
            JVNDB: JVNDB-2019-000072 // 
            
            
            
            CNNVD: CNNVD-201912-154

EXTERNAL IDS
db:JVNid:JVN49068796
Trust: 3.0
db:NVDid:CVE-2019-6026
Trust: 3.0
db:JVNDBid:JVNDB-2019-000072
Trust: 1.4
db:CNVDid:CNVD-2020-03064
Trust: 0.6
db:CNNVDid:CNNVD-201912-154
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03064 // 
            
            
            
            JVNDB: JVNDB-2019-000072 // 
            
            
            
            CNNVD: CNNVD-201912-154 // 
            
            
            
            NVD: CVE-2019-6026

REFERENCES
url:http://jvn.jp/en/jp/jvn49068796/index.html
Trust: 2.4
url:https://www.motex.co.jp/news/news_topics/2019/release191202/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6026
Trust: 0.8
url:https://jvn.jp/en/jp/jvn49068796/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-6026
Trust: 0.6
url:https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000072.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03064 // 
            
            
            
            JVNDB: JVNDB-2019-000072 // 
            
            
            
            CNNVD: CNNVD-201912-154 // 
            
            
            
            NVD: CVE-2019-6026

SOURCES
db:CNVDid:CNVD-2020-03064
db:JVNDBid:JVNDB-2019-000072
db:CNNVDid:CNNVD-201912-154
db:NVDid:CVE-2019-6026

LAST UPDATE DATE
2024-11-23T21:51:49.859000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03064date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-000072date:2019-12-03T00:00:00
db:CNNVDid:CNNVD-201912-154date:2020-08-25T00:00:00
db:NVDid:CVE-2019-6026date:2024-11-21T04:45:56.400

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03064date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-000072date:2019-12-03T00:00:00
db:CNNVDid:CNNVD-201912-154date:2019-12-03T00:00:00
db:NVDid:CVE-2019-6026date:2019-12-26T16:15:12.310