Details of VAR-202002-0361

ID

VAR-202002-0361

CVE

CVE-2019-5142

TITLE

Moxa AWK-3131A In firmware OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014648

DESCRIPTION

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa

Trust: 2.16

sources: NVD: CVE-2019-5142 // JVNDB: JVNDB-2019-014648 // CNVD: CNVD-2020-13481

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-13481

AFFECTED PRODUCTS

vendor:

moxa

model:

awk-3131a

scope:

version:

1.13

Trust: 2.4

sources: CNVD: CNVD-2020-13481 // JVNDB: JVNDB-2019-014648 // NVD: CVE-2019-5142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5142
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2019-5142
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014648
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-13481
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-1143
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-5142
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014648
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-13481
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5142
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2019-5142
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-014648
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-13481 // JVNDB: JVNDB-2019-014648 // CNNVD: CNNVD-202002-1143 // NVD: CVE-2019-5142 // NVD: CVE-2019-5142

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014648 // NVD: CVE-2019-5142

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1143

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-1143

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014648

PATCH

title:

AWK-3131A Series

url:

https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series

Trust: 0.8

sources: JVNDB: JVNDB-2019-014648

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5142	Trust: 3.0
db:	TALOS	id:	TALOS-2019-0931	Trust: 3.0
db:	ICS CERT	id:	ICSA-20-063-04	Trust: 1.4
db:	JVNDB	id:	JVNDB-2019-014648	Trust: 0.8
db:	CNVD	id:	CNVD-2020-13481	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0781	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1143	Trust: 0.6

sources: CNVD: CNVD-2020-13481 // JVNDB: JVNDB-2019-014648 // CNNVD: CNNVD-202002-1143 // NVD: CVE-2019-5142

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0931	Trust: 3.0
url:	https://www.us-cert.gov/ics/advisories/icsa-20-063-04	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5142	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5142	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0781/	Trust: 0.6

sources: CNVD: CNVD-2020-13481 // JVNDB: JVNDB-2019-014648 // CNNVD: CNNVD-202002-1143 // NVD: CVE-2019-5142

SOURCES

db:	CNVD	id:	CNVD-2020-13481
db:	JVNDB	id:	JVNDB-2019-014648
db:	CNNVD	id:	CNNVD-202002-1143
db:	NVD	id:	CVE-2019-5142

LAST UPDATE DATE

2024-11-23T22:05:48.903000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-13481	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-014648	date:	2020-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202002-1143	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2019-5142	date:	2024-11-21T04:44:25.847

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-13481	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-014648	date:	2020-03-06T00:00:00
db:	CNNVD	id:	CNNVD-202002-1143	date:	2020-02-24T00:00:00
db:	NVD	id:	CVE-2019-5142	date:	2020-02-25T16:15:10.780