ID

VAR-202001-0303


CVE

CVE-2019-18859


TITLE

Digi AnywhereUSB 14 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-013957

DESCRIPTION

Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. Digi AnywhereUSB 14 contains a cross-site scripting vulnerability. Information may be obtained and may be falsified. The AnywhereUSB product is a network-capable USB hub that allows USB devices to connect to any local area network. Digi AnywhereUSB 14 has an XSS injection vulnerability, which allows an attacker to perform an XSS attack on the corresponding program to obtain other information in a system or file.

Trust: 2.25

sources: NVD: CVE-2019-18859 // JVNDB: JVNDB-2019-013957 // CNVD: CNVD-2020-02220 // VULMON: CVE-2019-18859

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02220

AFFECTED PRODUCTS

vendor: digi model: anywhereusb\/14 scope: eq version: 1.93.21.19

Trust: 1.0

vendor: digi model: anywhere usb14 scope: - version: -

Trust: 0.8

vendor: digi model: anywhereusb scope: eq version: 14

Trust: 0.6

sources: CNVD: CNVD-2020-02220 // JVNDB: JVNDB-2019-013957 // NVD: CVE-2019-18859

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-18859
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2020-02220
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-335
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-18859
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2019-18859
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

CNVD: CNVD-2020-02220
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-18859
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02220 // VULMON: CVE-2019-18859 // JVNDB: JVNDB-2019-013957 // NVD: CVE-2019-18859 // CNNVD: CNNVD-202001-335

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-013957 // NVD: CVE-2019-18859

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-335

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-335

CONFIGURATIONS

sources: NVD: CVE-2019-18859

PATCH

title: Top Page url: https://www.digi.com/

Trust: 0.8

title: - url: https://github.com/live-hack-cve/cve-2019-18859

Trust: 0.1

title: - url: https://github.com/rnpg/cves

Trust: 0.1

sources: VULMON: CVE-2019-18859 // JVNDB: JVNDB-2019-013957

EXTERNAL IDS

db: NVD id: CVE-2019-18859

Trust: 3.1

db: PACKETSTORM id: 155926

Trust: 3.1

db: JVNDB id: JVNDB-2019-013957

Trust: 0.8

db: CNVD id: CNVD-2020-02220

Trust: 0.6

db: EXPLOIT-DB id: 47914

Trust: 0.6

db: CNNVD id: CNNVD-202001-335

Trust: 0.6

db: VULMON id: CVE-2019-18859

Trust: 0.1

sources: CNVD: CNVD-2020-02220 // VULMON: CVE-2019-18859 // JVNDB: JVNDB-2019-013957 // NVD: CVE-2019-18859 // CNNVD: CNNVD-202001-335

REFERENCES

url:http://packetstormsecurity.com/files/155926/digi-anywhereusb-14-cross-site-scripting.html

Trust: 3.2

url:https://gist.github.com/rnpg/e0d25ad51aa5c288b9005900f88a4f03

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18859

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18859

Trust: 0.8

url:https://www.exploit-db.com/exploits/47914

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-18859

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-02220 // VULMON: CVE-2019-18859 // JVNDB: JVNDB-2019-013957 // NVD: CVE-2019-18859 // CNNVD: CNNVD-202001-335

CREDITS

Raspina Net Pars Group

Trust: 0.6

sources: CNNVD: CNNVD-202001-335

SOURCES

db: CNVD id: CNVD-2020-02220
db: VULMON id: CVE-2019-18859
db: JVNDB id: JVNDB-2019-013957
db: NVD id: CVE-2019-18859
db: CNNVD id: CNNVD-202001-335

LAST UPDATE DATE

2023-12-18T13:13:09.942000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-02220 date: 2020-01-15T00:00:00
db: VULMON id: CVE-2019-18859 date: 2023-01-31T00:00:00
db: JVNDB id: JVNDB-2019-013957 date: 2020-01-22T00:00:00
db: NVD id: CVE-2019-18859 date: 2023-01-31T20:57:15.463
db: CNNVD id: CNNVD-202001-335 date: 2021-01-04T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-02220 date: 2020-01-15T00:00:00
db: VULMON id: CVE-2019-18859 date: 2020-01-09T00:00:00
db: JVNDB id: JVNDB-2019-013957 date: 2020-01-22T00:00:00
db: NVD id: CVE-2019-18859 date: 2020-01-09T21:15:11.857
db: CNNVD id: CNNVD-202001-335 date: 2020-01-09T00:00:00