ID

VAR-202002-0474


CVE

CVE-2019-19668


TITLE

Rumpus FTP Web File Manager File Types Component Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-04699 // CNNVD: CNNVD-202002-345

DESCRIPTION

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. Rumpus FTP contains a cross-site request forgery vulnerability. Information may be altered. The vulnerability stems from the web application's insufficient verification that a request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client.

Trust: 2.16

sources: NVD: CVE-2019-19668 // JVNDB: JVNDB-2019-014420 // CNVD: CNVD-2020-04699

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04699

AFFECTED PRODUCTS

vendor: maxum | model: rumpus ftp | scope: eq | version: 8.2.9.1

Trust: 1.0

vendor: maxum | model: rumpus | scope: eq | version: -

Trust: 0.8

vendor: maxum | model: rumpus | scope: eq | version: 8.2.9.1

Trust: 0.8

vendor: maxum | model: rumpus ftp server | scope: eq | version: 8.2.9.1

Trust: 0.6

sources: CNVD: CNVD-2020-04699 // JVNDB: JVNDB-2019-014420 // NVD: CVE-2019-19668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19668
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-19668
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-04699
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-345
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-19668
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19668
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-19668
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04699 // JVNDB: JVNDB-2019-014420 // CNNVD: CNNVD-202002-345 // NVD: CVE-2019-19668

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.0

problemtype: Cross-site request forgery (CWE-352) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2019-014420 // NVD: CVE-2019-19668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-345

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202002-345

PATCH

title: CVE's for Rumpus FTP Server GitHub | url: https://github.com/harshit-shukla/CVE

Trust: 0.8

sources: JVNDB: JVNDB-2019-014420

EXTERNAL IDS

db: NVD | id: CVE-2019-19668

Trust: 3.0

db: JVNDB | id: JVNDB-2019-014420

Trust: 0.8

db: CNVD | id: CNVD-2020-04699

Trust: 0.6

db: CNNVD | id: CNNVD-202002-345

Trust: 0.6

sources: CNVD: CNVD-2020-04699 // JVNDB: JVNDB-2019-014420 // CNNVD: CNNVD-202002-345 // NVD: CVE-2019-19668

REFERENCES

url: https://github.com/harshit-shukla/cve/blob/master/cve-2019-19668.md

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-19668

Trust: 2.0

url: https://github.com/harshit-shukla/cve

Trust: 1.6

sources: CNVD: CNVD-2020-04699 // JVNDB: JVNDB-2019-014420 // CNNVD: CNNVD-202002-345 // NVD: CVE-2019-19668

SOURCES

db: CNVD | id: CNVD-2020-04699
db: JVNDB | id: JVNDB-2019-014420
db: CNNVD | id: CNNVD-202002-345
db: NVD | id: CVE-2019-19668

LAST UPDATE DATE

2024-11-23T21:51:40.550000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-04699 | date: 2020-02-12T00:00:00
db: JVNDB | id: JVNDB-2019-014420 | date: 2020-02-14T00:00:00
db: CNNVD | id: CNNVD-202002-345 | date: 2021-01-05T00:00:00
db: NVD | id: CVE-2019-19668 | date: 2024-11-21T04:35:09.510

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-04699 | date: 2020-02-12T00:00:00
db: JVNDB | id: JVNDB-2019-014420 | date: 2020-02-14T00:00:00
db: CNNVD | id: CNNVD-202002-345 | date: 2020-02-10T00:00:00
db: NVD | id: CVE-2019-19668 | date: 2020-02-10T19:15:11.637