ID

VAR-202009-0487


CVE

CVE-2019-16000


TITLE

Inadequate validation of data reliability vulnerability in Cisco Umbrella Roaming Client for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-016013

DESCRIPTION

A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications. Cisco Umbrella Roaming Client for Windows contains an inadequate validation of data reliability vulnerability. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2019-16000 // JVNDB: JVNDB-2019-016013 // VULHUB: VHN-148103

AFFECTED PRODUCTS

vendor: cisco // model: umbrella roaming client // scope: eq // version: 2.2.238

Trust: 1.0

vendor: Cisco Systems // model: cisco umbrella roaming client // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016013 // NVD: CVE-2019-16000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16000
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16000
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16000
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1399
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148103
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-16000
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148103
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-16000
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-16000
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148103 // JVNDB: JVNDB-2019-016013 // CNNVD: CNNVD-202001-1399 // NVD: CVE-2019-16000 // NVD: CVE-2019-16000

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.1

problemtype: Inadequate verification of data reliability (CWE-345) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-148103 // JVNDB: JVNDB-2019-016013 // NVD: CVE-2019-16000

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-1399

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202001-1399

PATCH

title: cisco-sa-20200122-umbrella-msi-install // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-umbrella-msi-install

Trust: 0.8

title: Cisco Umbrella Roaming Client for Windows: remediation for data forgery vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110476

Trust: 0.6

sources: JVNDB: JVNDB-2019-016013 // CNNVD: CNNVD-202001-1399

EXTERNAL IDS

db: NVD // id: CVE-2019-16000

Trust: 2.5

db: JVNDB // id: JVNDB-2019-016013

Trust: 0.8

db: CNNVD // id: CNNVD-202001-1399

Trust: 0.7

db: AUSCERT // id: ESB-2020.0277

Trust: 0.6

db: VULHUB // id: VHN-148103

Trust: 0.1

sources: VULHUB: VHN-148103 // JVNDB: JVNDB-2019-016013 // CNNVD: CNNVD-202001-1399 // NVD: CVE-2019-16000

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-umbrella-msi-install

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16000

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0277/

Trust: 0.6

sources: VULHUB: VHN-148103 // JVNDB: JVNDB-2019-016013 // CNNVD: CNNVD-202001-1399 // NVD: CVE-2019-16000

SOURCES

db: VULHUB // id: VHN-148103
db: JVNDB // id: JVNDB-2019-016013
db: CNNVD // id: CNNVD-202001-1399
db: NVD // id: CVE-2019-16000

LAST UPDATE DATE

2024-11-23T23:04:16.110000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148103 // date: 2020-09-28T00:00:00
db: JVNDB // id: JVNDB-2019-016013 // date: 2021-04-05T09:07:00
db: CNNVD // id: CNNVD-202001-1399 // date: 2020-09-29T00:00:00
db: NVD // id: CVE-2019-16000 // date: 2024-11-21T04:29:54.357

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148103 // date: 2020-09-23T00:00:00
db: JVNDB // id: JVNDB-2019-016013 // date: 2021-04-05T00:00:00
db: CNNVD // id: CNNVD-202001-1399 // date: 2020-01-22T00:00:00
db: NVD // id: CVE-2019-16000 // date: 2020-09-23T01:15:13.473