Find a vulnerability
Search criteria
32 vulnerabilities found for inspector by zingbox
VAR-201910-0935
Vulnerability from variot - Updated: 2024-11-23 23:11A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Zingbox Inspector Contains an authentication vulnerability.Information may be tampered with. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0935",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.280"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
}
]
},
"cve": "CVE-2019-15018",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15018",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36675",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15018",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15018",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15018",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15018",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36675",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-609",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15018",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Zingbox Inspector Contains an authentication vulnerability.Information may be tampered with. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15018",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36675",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15018",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"id": "VAR-201910-0935",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
}
]
},
"last_update_date": "2024-11-23T23:11:42.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186315"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99253"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e274652e00ca2f453b1a98d3e5c15c02"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15018 Tenant authentication bypass in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=b6745cb1877e32968f88ac53539bdeed"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15018 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15018"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15018"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/179"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15018"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110284"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"date": "2019-10-09T21:15:12.930000",
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36675"
},
{
"date": "2023-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15018"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010564"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-609"
},
{
"date": "2024-11-21T04:27:52.990000",
"db": "NVD",
"id": "CVE-2019-15018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-609"
}
],
"trust": 0.6
}
}
VAR-201910-0937
Vulnerability from variot - Updated: 2024-11-23 23:08A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks.
There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.293 and earlier. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user's input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
}
]
},
"cve": "CVE-2019-15020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15020",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15020",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15020",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15020",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15020",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-36667",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-612",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-15020",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. \n\nThere are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.293 and earlier. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user\u0027s input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15020",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36667",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15020",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"id": "VAR-201910-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
}
]
},
"last_update_date": "2024-11-23T23:08:14.230000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Command Injection Vulnerability (CNVD-2019-36667)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186257"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99256"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=c976a5d22968968321875aea33e3bfb8"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15020 Command Injection in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=9f84605461102d5029f7785855ab24cc"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15020 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15020"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15020"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/185"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15020"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/346.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"date": "2019-10-09T21:15:13.070000",
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36667"
},
{
"date": "2023-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15020"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010558"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-612"
},
{
"date": "2024-11-21T04:27:53.210000",
"db": "NVD",
"id": "CVE-2019-15020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-612"
}
],
"trust": 0.6
}
}
VAR-201910-0934
Vulnerability from variot - Updated: 2024-11-23 23:04The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0934",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
}
]
},
"cve": "CVE-2019-15017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15017",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-36674",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2019-15017",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15017",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15017",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36674",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-608",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15017",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nA trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15017",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36674",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15017",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"id": "VAR-201910-0934",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
}
]
},
"last_update_date": "2024-11-23T23:04:36.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36674)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186331"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99252"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=669c464610c267eab07ee2d5e1821107"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15017 SSH Service Exposed in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=52a53343fc1cdd39ddcf8338d55a15b5"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15017 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15017"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15017"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/176"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15017"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110276"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"date": "2019-10-09T21:15:12.837000",
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36674"
},
{
"date": "2023-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15017"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010612"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-608"
},
{
"date": "2024-11-21T04:27:52.883000",
"db": "NVD",
"id": "CVE-2019-15017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010612"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-608"
}
],
"trust": 0.6
}
}
VAR-201910-0932
Vulnerability from variot - Updated: 2024-11-23 22:55In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. An attacker could use this vulnerability to gain unauthorized access to the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0932",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
}
]
},
"cve": "CVE-2019-15015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15015",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-36672",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2019-15015",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15015",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36672",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-605",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15015",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nA trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. An attacker could use this vulnerability to gain unauthorized access to the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15015",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36672",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"id": "VAR-201910-0932",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
}
]
},
"last_update_date": "2024-11-23T22:55:25.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36672)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186337"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99249"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15015 Hardcoded Credentials in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=acef70ae92107ca46635a089cd1f522e"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=041b827a06ce544ecda241e4fafcaca8"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15015 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15015"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15015"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/170"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15015"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110285"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"date": "2019-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"date": "2019-10-09T21:15:12.680000",
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"date": "2023-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15015"
},
{
"date": "2019-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010731"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-605"
},
{
"date": "2024-11-21T04:27:52.657000",
"db": "NVD",
"id": "CVE-2019-15015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36672"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-605"
}
],
"trust": 0.6
}
}
VAR-201910-0938
Vulnerability from variot - Updated: 2024-11-23 22:48A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Zingbox Inspector Contains an information disclosure vulnerability.Information may be obtained. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks. A code issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
}
]
},
"cve": "CVE-2019-15021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15021",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36668",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15021",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-15021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15021",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-15021",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-36668",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-613",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Zingbox Inspector Contains an information disclosure vulnerability.Information may be obtained. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks. \nA code issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15021"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15021",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36668",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"id": "VAR-201910-0938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
}
]
},
"last_update_date": "2024-11-23T22:48:13.486000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186233"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15021"
},
{
"trust": 1.6,
"url": "https://security.paloaltonetworks.com/cve-2019-15021"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/188"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"date": "2019-10-09T21:15:13.133000",
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36668"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010559"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-613"
},
{
"date": "2024-11-21T04:27:53.323000",
"db": "NVD",
"id": "CVE-2019-15021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010559"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-613"
}
],
"trust": 0.6
}
}
VAR-201910-0940
Vulnerability from variot - Updated: 2024-11-23 22:44A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Zingbox Inspector Contains a vulnerability in the clearing of important information.Information may be obtained. An attacker could use this vulnerability to obtain third-party integrated user credentials. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.294 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0940",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
}
]
},
"cve": "CVE-2019-15023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15023",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36670",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15023",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15023",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15023",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36670",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Zingbox Inspector Contains a vulnerability in the clearing of important information.Information may be obtained. An attacker could use this vulnerability to obtain third-party integrated user credentials. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nThere are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.294 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15023",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36670",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15023",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"id": "VAR-201910-0940",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
}
]
},
"last_update_date": "2024-11-23T22:44:48.624000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Unknown vulnerability in Palo Alto Networks Zingbox Inspector",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186161"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99261"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15023 Insecure Password Storage in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=ee8fe564b4f70fc2f055d5ff6310321b"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e32bb68a52a188d42f081e83f8446dfe"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15023 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/194"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15023"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15023"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15023"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110292"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"date": "2019-10-09T21:15:13.273000",
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36670"
},
{
"date": "2023-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15023"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010561"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-618"
},
{
"date": "2024-11-21T04:27:53.543000",
"db": "NVD",
"id": "CVE-2019-15023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Vulnerabilities related to clearing important information in plaintext",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010561"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-618"
}
],
"trust": 0.6
}
}
VAR-201910-0931
Vulnerability from variot - Updated: 2024-11-23 22:37A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user's input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.286"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
}
]
},
"cve": "CVE-2019-15014",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-15014",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-36671",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-15014",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15014",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15014",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15014",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-604",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user\u0027s input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15014",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36671",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"id": "VAR-201910-0931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
}
]
},
"last_update_date": "2024-11-23T22:37:37.356000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186339"
},
{
"title": "Zingbox Inspector Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99248"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15014"
},
{
"trust": 1.6,
"url": "https://security.paloaltonetworks.com/cve-2019-15014"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/167"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15014"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"date": "2019-10-09T21:15:12.600000",
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36671"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010562"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-604"
},
{
"date": "2024-11-21T04:27:52.547000",
"db": "NVD",
"id": "CVE-2019-15014"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-604"
}
],
"trust": 0.6
}
}
VAR-201910-0939
Vulnerability from variot - Updated: 2024-11-23 22:16A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. An attacker could use this vulnerability to obtain sensitive information or cause a denial of service. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. Attackers can use this vulnerability to perform ARP spoofing attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
}
]
},
"cve": "CVE-2019-15022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15022",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36669",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15022",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15022",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15022",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15022",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36669",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15022",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. An attacker could use this vulnerability to obtain sensitive information or cause a denial of service. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. Attackers can use this vulnerability to perform ARP spoofing attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15022",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15022",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"id": "VAR-201910-0939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
}
]
},
"last_update_date": "2024-11-23T22:16:48.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186171"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99260"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15022 ARP Spoofing in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e008cfcabf3ac9e7d4a741821984c947"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=56ac1dcb82286a9304dfe09c7fd64438"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15022 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15022"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15022"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/191"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15022"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110979"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"date": "2019-10-09T21:15:13.210000",
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36669"
},
{
"date": "2023-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15022"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010560"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-617"
},
{
"date": "2024-11-21T04:27:53.433000",
"db": "NVD",
"id": "CVE-2019-15022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zingbox Inspector Vulnerabilities in spoofing authentication bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010560"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-617"
}
],
"trust": 0.6
}
}
VAR-201910-0936
Vulnerability from variot - Updated: 2024-11-23 22:11A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Zingbox Inspector Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from network systems or products that did not properly validate the input data. No detailed vulnerability details are provided at this time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0936",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.293"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.294"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
}
]
},
"cve": "CVE-2019-15019",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15019",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36666",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15019",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15019",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15019",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15019",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-36666",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-611",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-15019",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Zingbox Inspector Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from network systems or products that did not properly validate the input data. No detailed vulnerability details are provided at this time",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15019",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36666",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15019",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"id": "VAR-201910-0936",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
}
]
},
"last_update_date": "2024-11-23T22:11:47.768000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186307"
},
{
"title": "Zingbox Inspector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99255"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=ffd560113b69675028ec4c8094908e61"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15019 Insecure Firmware Validation in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=741d220154ade0c76bd50ba55854f456"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15019 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15019"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15019"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/182"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15019"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110281"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"date": "2019-10-09T21:15:13.007000",
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"date": "2023-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15019"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010565"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-611"
},
{
"date": "2024-11-21T04:27:53.100000",
"db": "NVD",
"id": "CVE-2019-15019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36666"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-611"
}
],
"trust": 0.6
}
}
VAR-201910-0933
Vulnerability from variot - Updated: 2024-11-23 21:36An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0933",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inspector",
"scope": "lte",
"trust": 1.8,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "alto networks zingbox inspector",
"scope": "lte",
"trust": 0.6,
"vendor": "palo",
"version": "\u003c=1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.288"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.286"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": null
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.281"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.280"
},
{
"model": "inspector",
"scope": "eq",
"trust": 0.6,
"vendor": "zingbox",
"version": "1.287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zingbox:inspector",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
}
]
},
"cve": "CVE-2019-15016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-15016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-36673",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-15016",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15016",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15016",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36673",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-606",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15016",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15016",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36673",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15016",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"id": "VAR-201910-0933",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
}
]
},
"last_update_date": "2024-11-23T21:36:34.975000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zingbox.com/"
},
{
"title": "Patch for Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186335"
},
{
"title": "Zingbox Inspector SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99250"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=dfa40f4cc53a56eced3ccfb730642543"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-15016 SQL Injection in Zingbox Inspector",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=bc571911c016e8ec324aaddf315ae1b3"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15016 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15016"
},
{
"trust": 1.7,
"url": "https://security.paloaltonetworks.com/cve-2019-15016"
},
{
"trust": 1.4,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/173"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15016"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110275"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"date": "2019-10-09T21:15:12.757000",
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"date": "2023-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15016"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010563"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-606"
},
{
"date": "2024-11-21T04:27:52.773000",
"db": "NVD",
"id": "CVE-2019-15016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36673"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-606"
}
],
"trust": 0.6
}
}
CVE-2019-1584 (GCVE-0-2019-1584)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-04 18:20- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-1584 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.293 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:48.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-1584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-1584",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1584",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T18:20:28.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15023 (GCVE-0-2019-15023)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15023 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15023",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15023",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15022 (GCVE-0-2019-15022)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- ARP Spoofing
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15022 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ARP Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ARP Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15022",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15022",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15021 (GCVE-0-2019-15021)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Information Exposure Through Sent Data
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15021 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure Through Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15021",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15021",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15020 (GCVE-0-2019-15020)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15020 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.293 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15020",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15020",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15019 (GCVE-0-2019-15019)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15019 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validation of Integrity Check Value",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15019",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15019",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15018 (GCVE-0-2019-15018)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15018 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.280 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.280 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.280 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15018",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15018",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15017 (GCVE-0-2019-15017)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Improper Access Control
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15017 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15017",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15017",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15016 (GCVE-0-2019-15016)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- SQL Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15016 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.288 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.288 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.288 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15016",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15016",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15015 (GCVE-0-2019-15015)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Use of Hard-coded Credentials
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15015 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15015",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15015",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15014 (GCVE-0-2019-15014)
Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15014 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.286 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.286 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.286 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15014",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15014",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15023 (GCVE-0-2019-15023)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15023 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15023",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15023",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1584 (GCVE-0-2019-1584)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-04 18:20- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-1584 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.293 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:48.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-1584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-1584",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-1584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1584",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T18:20:28.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15020 (GCVE-0-2019-15020)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15020 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.293 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.293 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15020",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15020",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15017 (GCVE-0-2019-15017)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Improper Access Control
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15017 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15017",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15017",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15019 (GCVE-0-2019-15019)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15019 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validation of Integrity Check Value",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15019",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15019",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15021 (GCVE-0-2019-15021)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Information Exposure Through Sent Data
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15021 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure Through Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15021",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15021",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15014 (GCVE-0-2019-15014)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Command Injection
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15014 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.286 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.286 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.286 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15014",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15014",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15022 (GCVE-0-2019-15022)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- ARP Spoofing
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15022 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.294 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ARP Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.294 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ARP Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15022",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15022",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15018 (GCVE-0-2019-15018)
Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34- Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2019-15018 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Palo Alto Networks Zingbox Inspector |
Affected:
Zingbox Inspector, versions 1.280 and earlier.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Zingbox Inspector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zingbox Inspector, versions 1.280 and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-15018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Zingbox Inspector",
"version": {
"version_data": [
{
"version_value": "Zingbox Inspector, versions 1.280 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2019-15018",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2019-15018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-15018",
"datePublished": "2019-10-09T20:20:28.000Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}