Sign-up

ID

VAR-202003-0951


CVE

CVE-2019-19148


TITLE

Tellabs Optical Line Terminal 1150 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015112

DESCRIPTION

Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020. Tellabs Optical Line Terminal (OLT) 1150 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tellabs Optical Line Terminal (OLI) is an optical line terminal product of American Tellabs Company. In Tellabs OLT 1150 FP29.2_015873, there is an authorization vulnerability, which can be exploited by attackers to execute commands

Trust: 2.16

sources: NVD: CVE-2019-19148 // JVNDB: JVNDB-2019-015112 // CNVD: CNVD-2020-22273

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22273

AFFECTED PRODUCTS

vendor:tellabsmodel:optical line terminal 1150scope:eqversion:ont709.2.50.12

Trust: 1.0

vendor:tellabs accessmodel:optical line terminal 1150scope: - version: -

Trust: 0.8

vendor:tellabsmodel:optical line terminal fp29.2 015873scope:eqversion:1150

Trust: 0.6

sources: CNVD: CNVD-2020-22273 // JVNDB: JVNDB-2019-015112 // NVD: CVE-2019-19148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19148
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015112
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-22273
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1286
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-19148
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015112
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22273
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19148
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22273 // JVNDB: JVNDB-2019-015112 // CNNVD: CNNVD-202003-1286 // NVD: CVE-2019-19148

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-015112 // NVD: CVE-2019-19148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1286

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-1286

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015112

PATCH
title:tellabs_rceurl:https://github.com/ellwoodthewood/tellabs_rce
Trust: 0.8
title:CVE-2019-19148url:https://docs.tellabs.com/articles/#!vulnerability-response/cve-2019-19148
Trust: 0.8
title:Patch for Tellabs Optical Line Terminal authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213345
Trust: 0.6
title:Tellabs Optical Line Terminal Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113279
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22273 // 
            
            
            
            JVNDB: JVNDB-2019-015112 // 
            
            
            
            CNNVD: CNNVD-202003-1286

EXTERNAL IDS
db:NVDid:CVE-2019-19148
Trust: 3.0
db:JVNDBid:JVNDB-2019-015112
Trust: 0.8
db:CNVDid:CNVD-2020-22273
Trust: 0.6
db:CNNVDid:CNNVD-202003-1286
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22273 // 
            
            
            
            JVNDB: JVNDB-2019-015112 // 
            
            
            
            CNNVD: CNNVD-202003-1286 // 
            
            
            
            NVD: CVE-2019-19148

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-19148
Trust: 2.0
url:https://github.com/ellwoodthewood/tellabs_rce
Trust: 1.6
url:https://docs.tellabs.com/articles/#%21vulnerability-response/cve-2019-19148
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19148
Trust: 0.8
url:https://docs.tellabs.com/articles/#!vulnerability-response/cve-2019-19148
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22273 // 
            
            
            
            JVNDB: JVNDB-2019-015112 // 
            
            
            
            CNNVD: CNNVD-202003-1286 // 
            
            
            
            NVD: CVE-2019-19148

SOURCES
db:CNVDid:CNVD-2020-22273
db:JVNDBid:JVNDB-2019-015112
db:CNNVDid:CNNVD-202003-1286
db:NVDid:CVE-2019-19148

LAST UPDATE DATE
2024-11-23T22:33:33.842000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22273date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2019-015112date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-1286date:2020-08-25T00:00:00
db:NVDid:CVE-2019-19148date:2024-11-21T04:34:15.723

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22273date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2019-015112date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-1286date:2020-03-20T00:00:00
db:NVDid:CVE-2019-19148date:2020-03-20T18:15:13.760