Search

Find a vulnerability

Search criteria

    32 vulnerabilities by zingbox

    VAR-201910-0935

    Vulnerability from variot - Updated: 2024-11-23 23:11

    A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Zingbox Inspector Contains an authentication vulnerability.Information may be tampered with. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0935",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.280"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          }
        ]
      },
      "cve": "CVE-2019-15018",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15018",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36675",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15018",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-15018",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15018",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15018",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36675",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-609",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15018",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Zingbox Inspector Contains an authentication vulnerability.Information may be tampered with. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15018",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "id": "VAR-201910-0935",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:42.370000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Authorization Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186315"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99253"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e274652e00ca2f453b1a98d3e5c15c02"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15018 Tenant authentication bypass in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=b6745cb1877e32968f88ac53539bdeed"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15018 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-287",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15018"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15018"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/179"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15018"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15018"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110284"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "date": "2019-10-09T21:15:12.930000",
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36675"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15018"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          },
          {
            "date": "2024-11-21T04:27:52.990000",
            "db": "NVD",
            "id": "CVE-2019-15018"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010564"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-609"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0937

    Vulnerability from variot - Updated: 2024-11-23 23:08

    A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks.

    There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.293 and earlier. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user's input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0937",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.293"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          }
        ]
      },
      "cve": "CVE-2019-15020",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15020",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36667",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15020",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15020",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15020",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15020",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36667",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-612",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15020",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. \n\nThere are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.293 and earlier. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user\u0027s input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15020",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "id": "VAR-201910-0937",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:14.230000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Command Injection Vulnerability (CNVD-2019-36667)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186257"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99256"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=c976a5d22968968321875aea33e3bfb8"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15020 Command Injection in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=9f84605461102d5029f7785855ab24cc"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15020 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-346",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15020"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15020"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/185"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15020"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/346.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15020"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "date": "2019-10-09T21:15:13.070000",
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36667"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15020"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          },
          {
            "date": "2024-11-21T04:27:53.210000",
            "db": "NVD",
            "id": "CVE-2019-15020"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010558"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-612"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0934

    Vulnerability from variot - Updated: 2024-11-23 23:04

    The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0934",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          }
        ]
      },
      "cve": "CVE-2019-15017",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15017",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-36674",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-15017",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15017",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15017",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15017",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36674",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-608",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15017",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nA trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15017",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "id": "VAR-201910-0934",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:36.736000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36674)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186331"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99252"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=669c464610c267eab07ee2d5e1821107"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15017 SSH Service Exposed in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=52a53343fc1cdd39ddcf8338d55a15b5"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15017 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15017"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15017"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/176"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15017"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15017"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110276"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "date": "2019-10-09T21:15:12.837000",
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36674"
          },
          {
            "date": "2023-02-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15017"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          },
          {
            "date": "2024-11-21T04:27:52.883000",
            "db": "NVD",
            "id": "CVE-2019-15017"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010612"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-608"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0932

    Vulnerability from variot - Updated: 2024-11-23 22:55

    In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. A trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. An attacker could use this vulnerability to gain unauthorized access to the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0932",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          }
        ]
      },
      "cve": "CVE-2019-15015",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15015",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-36672",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-15015",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15015",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15015",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15015",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36672",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-605",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15015",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. Zingbox Inspector Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nA trust management issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. An attacker could use this vulnerability to gain unauthorized access to the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15015",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "id": "VAR-201910-0932",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:25.595000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability (CNVD-2019-36672)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186337"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99249"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15015 Hardcoded Credentials in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=acef70ae92107ca46635a089cd1f522e"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=041b827a06ce544ecda241e4fafcaca8"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15015 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15015"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15015"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/170"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15015"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110285"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "date": "2019-10-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "date": "2019-10-09T21:15:12.680000",
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "date": "2023-02-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15015"
          },
          {
            "date": "2019-10-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010731"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          },
          {
            "date": "2024-11-21T04:27:52.657000",
            "db": "NVD",
            "id": "CVE-2019-15015"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Palo Alto Networks Zingbox Inspector Trust Management Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-605"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0938

    Vulnerability from variot - Updated: 2024-11-23 22:48

    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Zingbox Inspector Contains an information disclosure vulnerability.Information may be obtained. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks. A code issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0938",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          }
        ]
      },
      "cve": "CVE-2019-15021",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15021",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36668",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15021",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-15021",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15021",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15021",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36668",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-613",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Zingbox Inspector Contains an information disclosure vulnerability.Information may be obtained. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks. \nA code issue vulnerability exists in Palo Alto Networks Zingbox Inspector 1.294 and earlier. The vulnerability stems from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15021",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "id": "VAR-201910-0938",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:48:13.486000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186233"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99257"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-918",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15021"
          },
          {
            "trust": 1.6,
            "url": "https://security.paloaltonetworks.com/cve-2019-15021"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/188"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15021"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "date": "2019-10-09T21:15:13.133000",
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36668"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          },
          {
            "date": "2022-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          },
          {
            "date": "2024-11-21T04:27:53.323000",
            "db": "NVD",
            "id": "CVE-2019-15021"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010559"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-613"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0940

    Vulnerability from variot - Updated: 2024-11-23 22:44

    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Zingbox Inspector Contains a vulnerability in the clearing of important information.Information may be obtained. An attacker could use this vulnerability to obtain third-party integrated user credentials. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. There are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.294 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0940",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          }
        ]
      },
      "cve": "CVE-2019-15023",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15023",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36670",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15023",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15023",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15023",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36670",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-618",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15023",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. Zingbox Inspector Contains a vulnerability in the clearing of important information.Information may be obtained. An attacker could use this vulnerability to obtain third-party integrated user credentials. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. \nThere are security vulnerabilities in Palo Alto Networks Zingbox Inspector 1.294 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15023",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "id": "VAR-201910-0940",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:44:48.624000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Unknown vulnerability in Palo Alto Networks Zingbox Inspector",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186161"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99261"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15023 Insecure Password Storage in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=ee8fe564b4f70fc2f055d5ff6310321b"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e32bb68a52a188d42f081e83f8446dfe"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15023 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-312",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/194"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15023"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15023"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15023"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/312.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15023"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110292"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "date": "2019-10-09T21:15:13.273000",
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36670"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15023"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          },
          {
            "date": "2024-11-21T04:27:53.543000",
            "db": "NVD",
            "id": "CVE-2019-15023"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Vulnerabilities related to clearing important information in plaintext",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010561"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-618"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0931

    Vulnerability from variot - Updated: 2024-11-23 22:37

    A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user's input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0931",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.286"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          }
        ]
      },
      "cve": "CVE-2019-15014",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-15014",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-36671",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-15014",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15014",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15014",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15014",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36671",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-604",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Zingbox Inspector Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability originates from the operation of the user to enter a construction command, data structure, or record. The network system or product failed to properly verify the user\u0027s input data. The special elements were not filtered or incorrectly filtered out, which caused the system or product to generate. Wrong parsing or interpretation. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15014",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "id": "VAR-201910-0931",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:37.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186339"
          },
          {
            "title": "Zingbox Inspector Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99248"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15014"
          },
          {
            "trust": 1.6,
            "url": "https://security.paloaltonetworks.com/cve-2019-15014"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/167"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15014"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "date": "2019-10-09T21:15:12.600000",
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36671"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          },
          {
            "date": "2024-11-21T04:27:52.547000",
            "db": "NVD",
            "id": "CVE-2019-15014"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010562"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-604"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0939

    Vulnerability from variot - Updated: 2024-11-23 22:16

    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. An attacker could use this vulnerability to obtain sensitive information or cause a denial of service. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. Attackers can use this vulnerability to perform ARP spoofing attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0939",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          }
        ]
      },
      "cve": "CVE-2019-15022",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15022",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36669",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15022",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-15022",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15022",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15022",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36669",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-617",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15022",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. An attacker could use this vulnerability to obtain sensitive information or cause a denial of service. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. Attackers can use this vulnerability to perform ARP spoofing attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15022",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "id": "VAR-201910-0939",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:48.375000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186171"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99260"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15022 ARP Spoofing in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=e008cfcabf3ac9e7d4a741821984c947"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=56ac1dcb82286a9304dfe09c7fd64438"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15022 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-290",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15022"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15022"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/191"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15022"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/290.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15022"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110979"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "date": "2019-10-09T21:15:13.210000",
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36669"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15022"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          },
          {
            "date": "2024-11-21T04:27:53.433000",
            "db": "NVD",
            "id": "CVE-2019-15022"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zingbox Inspector Vulnerabilities in spoofing authentication bypass",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010560"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-617"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0936

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Zingbox Inspector Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from network systems or products that did not properly validate the input data. No detailed vulnerability details are provided at this time

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0936",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.293"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.294"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          }
        ]
      },
      "cve": "CVE-2019-15019",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15019",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36666",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15019",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15019",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15019",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15019",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36666",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-611",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15019",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Zingbox Inspector Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks. The vulnerability stems from network systems or products that did not properly validate the input data. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15019",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "id": "VAR-201910-0936",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:47.768000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186307"
          },
          {
            "title": "Zingbox Inspector Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99255"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=ffd560113b69675028ec4c8094908e61"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15019 Insecure Firmware Validation in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=741d220154ade0c76bd50ba55854f456"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15019 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15019"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15019"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/182"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15019"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15019"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110281"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "date": "2019-10-09T21:15:13.007000",
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15019"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010565"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          },
          {
            "date": "2024-11-21T04:27:53.100000",
            "db": "NVD",
            "id": "CVE-2019-15019"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Palo Alto Networks Zingbox Inspector Input Validation Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-611"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0933

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0933",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inspector",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "alto networks zingbox inspector",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "palo",
            "version": "\u003c=1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.288"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.286"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": null
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.281"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.280"
          },
          {
            "model": "inspector",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zingbox",
            "version": "1.287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zingbox:inspector",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          }
        ]
      },
      "cve": "CVE-2019-15016",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-15016",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-36673",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-15016",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15016",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15016",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15016",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36673",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-606",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15016",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15016",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "id": "VAR-201910-0933",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:34.975000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.zingbox.com/"
          },
          {
            "title": "Patch for Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186335"
          },
          {
            "title": "Zingbox Inspector SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99250"
          },
          {
            "title": "Palo Alto Networks Security Advisory: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=dfa40f4cc53a56eced3ccfb730642543"
          },
          {
            "title": "Palo Alto Networks Security Advisory: CVE-2019-15016 SQL Injection in Zingbox Inspector",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=bc571911c016e8ec324aaddf315ae1b3"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-15016 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15016"
          },
          {
            "trust": 1.7,
            "url": "https://security.paloaltonetworks.com/cve-2019-15016"
          },
          {
            "trust": 1.4,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/173"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15016"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-15016"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110275"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "date": "2019-10-09T21:15:12.757000",
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "date": "2023-02-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15016"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-010563"
          },
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          },
          {
            "date": "2024-11-21T04:27:52.773000",
            "db": "NVD",
            "id": "CVE-2019-15016"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-606"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-1584 (GCVE-0-2019-1584)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-04 18:20
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.293 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.293 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:48.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-1584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.293 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-1584",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-1584",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:20:28.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15023 (GCVE-0-2019-15023)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15023",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15023",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15023",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15022 (GCVE-0-2019-15022)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.
    Severity
    No CVSS data available.
    CWE
    • ARP Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.001Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "ARP Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "ARP Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15022",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15022",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15021 (GCVE-0-2019-15021)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.
    Severity
    No CVSS data available.
    CWE
    • Information Exposure Through Sent Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.157Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Through Sent Data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Through Sent Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15021",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15021",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15020 (GCVE-0-2019-15020)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.293 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.293 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.293 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15020",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15020",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15019 (GCVE-0-2019-15019)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Integrity Check Value"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15019",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15019",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15018 (GCVE-0-2019-15018)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
    Severity
    No CVSS data available.
    CWE
    • Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.280 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.280 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.280 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass Using an Alternate Path or Channel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15018",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15018",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15017 (GCVE-0-2019-15017)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15017",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15017",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15016 (GCVE-0-2019-15016)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.288 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15016"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.288 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15016"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.288 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15016",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15016"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15016",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15015 (GCVE-0-2019-15015)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15015"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15015"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15015",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15015",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15015"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15015",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:52.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15014 (GCVE-0-2019-15014)

    Vulnerability from nvd – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.286 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.286 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.286 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15014",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15014",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15023 (GCVE-0-2019-15023)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15023",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15023",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15023",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1584 (GCVE-0-2019-1584)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-04 18:20
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.293 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.293 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:48.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-1584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.293 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker\u0027s cloud endpoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-1584",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-1584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-1584",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:20:28.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15020 (GCVE-0-2019-15020)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.293 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.293 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.293 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15020",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15020",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15017 (GCVE-0-2019-15017)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15017",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15017",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15019 (GCVE-0-2019-15019)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Integrity Check Value"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15019",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15019"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15019",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15021 (GCVE-0-2019-15021)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.
    Severity
    No CVSS data available.
    CWE
    • Information Exposure Through Sent Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.157Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Exposure Through Sent Data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Through Sent Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15021",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15021",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15014 (GCVE-0-2019-15014)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.286 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.286 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.286 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15014",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15014",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15022 (GCVE-0-2019-15022)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.
    Severity
    No CVSS data available.
    CWE
    • ARP Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.294 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.001Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.294 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "ARP Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.294 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "ARP Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15022",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15022",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15018 (GCVE-0-2019-15018)

    Vulnerability from cvelistv5 – Published: 2019-10-09 20:20 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
    Severity
    No CVSS data available.
    CWE
    • Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Palo Alto Networks Zingbox Inspector Affected: Zingbox Inspector, versions 1.280 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Palo Alto Networks Zingbox Inspector",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Zingbox Inspector, versions 1.280 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T16:03:47.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "ID": "CVE-2019-15018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Palo Alto Networks Zingbox Inspector",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Zingbox Inspector, versions 1.280 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass Using an Alternate Path or Channel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2019-15018",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2019-15018"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2019-15018",
        "datePublished": "2019-10-09T20:20:28.000Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }