Details of VAR-201912-0853

ID

VAR-201912-0853

CVE

CVE-2019-12394

TITLE

Anviz access control Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012870

DESCRIPTION

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Anviz access control The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Anviz access control devices is a door access control device from China's Anviz company. There are security holes in Anviz access control device

Trust: 2.25

sources: NVD: CVE-2019-12394 // JVNDB: JVNDB-2019-012870 // CNVD: CNVD-2019-44971 // VULMON: CVE-2019-12394

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-44971

AFFECTED PRODUCTS

vendor:	anviz	model:	management system	scope:	eq	version:	-	Trust: 1.6
vendor:	anviz global	model:	management system	scope:	-	version:	-	Trust: 0.8
vendor:	anviz	model:	access control devices	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-44971 // JVNDB: JVNDB-2019-012870 // CNNVD: CNNVD-201912-026 // NVD: CVE-2019-12394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12394
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-12394
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-44971
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-026
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-12394
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12394
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-44971
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-12394
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12394
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-44971 // VULMON: CVE-2019-12394 // JVNDB: JVNDB-2019-012870 // CNNVD: CNNVD-201912-026 // NVD: CVE-2019-12394

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-012870 // NVD: CVE-2019-12394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-026

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012870

PATCH

title:

Top Page

url:

https://www.anviz.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-012870

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12394	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-012870	Trust: 0.8
db:	CNVD	id:	CNVD-2019-44971	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-026	Trust: 0.6
db:	VULMON	id:	CVE-2019-12394	Trust: 0.1

sources: CNVD: CNVD-2019-44971 // VULMON: CVE-2019-12394 // JVNDB: JVNDB-2019-012870 // CNNVD: CNNVD-201912-026 // NVD: CVE-2019-12394

REFERENCES

url:	https://www.0x90.zone/multiple/reverse/2019/11/28/anviz-pwn.html	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12394	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12394	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-44971 // VULMON: CVE-2019-12394 // JVNDB: JVNDB-2019-012870 // CNNVD: CNNVD-201912-026 // NVD: CVE-2019-12394

SOURCES

db:	CNVD	id:	CNVD-2019-44971
db:	VULMON	id:	CVE-2019-12394
db:	JVNDB	id:	JVNDB-2019-012870
db:	CNNVD	id:	CNNVD-201912-026
db:	NVD	id:	CVE-2019-12394

LAST UPDATE DATE

2024-11-23T22:16:45.686000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-44971	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-12394	date:	2019-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-012870	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-026	date:	2019-12-13T00:00:00
db:	NVD	id:	CVE-2019-12394	date:	2024-11-21T04:22:44.927

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-44971	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-12394	date:	2019-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-012870	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-026	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2019-12394	date:	2019-12-02T17:15:12.060