ID

VAR-202003-0853


CVE

CVE-2019-19940


TITLE

Injection vulnerabilities in Swisscom Centro Grande

Trust: 0.8

sources: JVNDB: JVNDB-2019-015079

DESCRIPTION

Incorrect input sanitization in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. Swisscom Centro Grande contains an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Swisscom Centro Grande is a router from Swisscom. The vulnerability stems from the network system or product failing to properly filter special characters and commands when constructing and executing commands from user input. A remote attacker can use the vulnerability to execute arbitrary commands by injecting commands.

Trust: 2.16

sources: NVD: CVE-2019-19940 // JVNDB: JVNDB-2019-015079 // CNVD: CNVD-2020-21496

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21496

AFFECTED PRODUCTS

vendor: swisscom, model: centro grande, scope: lt, version: 6.14.06

Trust: 1.0

vendor: swisscom, model: centro grande, scope: eq, version: 6.16.12

Trust: 0.8

vendor: swisscom, model: centro grande, scope: lt, version: 6.16.12

Trust: 0.6

sources: CNVD: CNVD-2020-21496 // JVNDB: JVNDB-2019-015079 // NVD: CVE-2019-19940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19940
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015079
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-21496
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-952
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-19940
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015079
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21496
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19940
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015079
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21496 // JVNDB: JVNDB-2019-015079 // CNNVD: CNNVD-202003-952 // NVD: CVE-2019-19940

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-015079 // NVD: CVE-2019-19940

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-952

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-952

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015079

PATCH

title: Your Router, url: https://www.swisscom.ch/en/residential/help/device/internet-router.html

Trust: 0.8

title: Remote Code Execution, url: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt

Trust: 0.8

title: Patch for Swisscom Centro Grande command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/213011

Trust: 0.6

title: Swisscom Centro Grande Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112385

Trust: 0.6

sources: CNVD: CNVD-2020-21496 // JVNDB: JVNDB-2019-015079 // CNNVD: CNNVD-202003-952

EXTERNAL IDS

db: NVD, id: CVE-2019-19940

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015079

Trust: 0.8

db: CNVD, id: CNVD-2020-21496

Trust: 0.6

db: CNNVD, id: CNNVD-202003-952

Trust: 0.6

sources: CNVD: CNVD-2020-21496 // JVNDB: JVNDB-2019-015079 // CNNVD: CNNVD-202003-952 // NVD: CVE-2019-19940

REFERENCES

url:https://www.swisscom.ch/en/residential/help/device/internet-router.html

Trust: 1.6

url:https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19940

Trust: 1.4

url:https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19940

Trust: 0.8

sources: CNVD: CNVD-2020-21496 // JVNDB: JVNDB-2019-015079 // CNNVD: CNNVD-202003-952 // NVD: CVE-2019-19940

SOURCES

db: CNVD, id: CNVD-2020-21496
db: JVNDB, id: JVNDB-2019-015079
db: CNNVD, id: CNNVD-202003-952
db: NVD, id: CVE-2019-19940

LAST UPDATE DATE

2024-11-23T22:48:07.399000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-21496, date: 2020-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-015079, date: 2020-04-03T00:00:00
db: CNNVD, id: CNNVD-202003-952, date: 2021-01-14T00:00:00
db: NVD, id: CVE-2019-19940, date: 2024-11-21T04:35:42.123

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-21496, date: 2020-03-16T00:00:00
db: JVNDB, id: JVNDB-2019-015079, date: 2020-04-03T00:00:00
db: CNNVD, id: CNNVD-202003-952, date: 2020-03-16T00:00:00
db: NVD, id: CVE-2019-19940, date: 2020-03-16T16:15:12.187