Vulnerability-Lookup

CVE-2019-13379 (GCVE-0-2019-13379)

Vulnerability from cvelistv5 – Published: 2019-07-07 15:44 – Updated: 2024-08-04 23:49

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2019-13379

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-13379

Aliases

CVE-2019-13379

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-13379",
    "description": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in.",
    "id": "GSD-2019-13379"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-13379"
      ],
      "details": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in.",
      "id": "GSD-2019-13379",
      "modified": "2023-12-13T01:23:41.561604Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-13379",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/",
            "refsource": "MISC",
            "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/"
          },
          {
            "name": "https://www.youtube.com/watch?v=X1PY7kMFkVg",
            "refsource": "MISC",
            "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
          },
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:avtech:room_alert_3e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.2.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:avtech:room_alert_3e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13379"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.youtube.com/watch?v=X1PY7kMFkVg",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
            },
            {
              "name": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-07-07T16:15Z"
    }
  }
}

VAR-201907-0422

Vulnerability from variot - Updated: 2024-11-23 22:11

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. AVTECH Room Alert 3E The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVTECH Software Room Alert 3E is a device used by AVTECH Software to monitor the IT infrastructure. This product is mainly used to monitor the temperature, humidity, power, electricity and smoke of computer rooms or small data centers.

There are security vulnerabilities in AVTECH Software Room Alert 3E prior to 2.2.5. An attacker could exploit this vulnerability to increase privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0422",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "room alert 3e",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "avtech",
        "version": "2.2.5"
      },
      {
        "model": "software room alert 3e",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "avtech",
        "version": "2.2.5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:avtech:room_alert_3e_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      }
    ]
  },
  "cve": "CVE-2019-13379",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-13379",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-26823",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-13379",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13379",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-13379",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-26823",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-343",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13379",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in. AVTECH Room Alert 3E The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVTECH Software Room Alert 3E is a device used by AVTECH Software to monitor the IT infrastructure. This product is mainly used to monitor the temperature, humidity, power, electricity and smoke of computer rooms or small data centers. \n\nThere are security vulnerabilities in AVTECH Software Room Alert 3E prior to 2.2.5. An attacker could exploit this vulnerability to increase privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13379",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "id": "VAR-201907-0422",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:11:58.044000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Room Alert 3E Monitor",
        "trust": 0.8,
        "url": "https://avtech.com/Products/Environment_Monitors/Room_Alert_3E.htm"
      },
      {
        "title": "Patch for AVTECH Software Room Alert 3E Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/174439"
      },
      {
        "title": "AVTECH Software Room Alert 3E Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94490"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13379"
      },
      {
        "trust": 1.7,
        "url": "https://www.youtube.com/watch?v=x1py7kmfkvg"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0010"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13379"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/668.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "date": "2019-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "date": "2019-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "date": "2019-07-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "date": "2019-07-07T16:15:10.227000",
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26823"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13379"
      },
      {
        "date": "2019-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      },
      {
        "date": "2024-11-21T04:24:49.390000",
        "db": "NVD",
        "id": "CVE-2019-13379"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AVTECH Room Alert 3E Authentication vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006264"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-343"
      }
    ],
    "trust": 0.6
  }
}

GHSA-XG6V-XH9G-65CV

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:12

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-13379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in.",
  "id": "GHSA-xg6v-xh9g-65cv",
  "modified": "2024-04-04T01:12:47Z",
  "published": "2022-05-24T16:49:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13379"
    },
    {
      "type": "WEB",
      "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2019-26823

Vulnerability from cnvd - Published: 2019-08-12

Title

AVTECH Software Room Alert 3E权限提升漏洞

Description

AVTECH Software Room Alert 3E是美国AVTECH Software公司的一款用于监测IT基础环境的设备。该产品主要用于监控计算机房或小型数据中心的温度、湿度、功率、电力和烟雾等。 AVTECH Software Room Alert 3E 2.2.5之前版本中存在安全漏洞。攻击者可利用该漏洞提升权限。

Severity

高

Patch Name

AVTECH Software Room Alert 3E权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://avtech.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-13379

Impacted products

Name
AVTECH Software Room Alert 3E <2.2.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-13379"
    }
  },
  "description": "AVTECH Software Room Alert 3E\u662f\u7f8e\u56fdAVTECH Software\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u76d1\u6d4bIT\u57fa\u7840\u73af\u5883\u7684\u8bbe\u5907\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u8ba1\u7b97\u673a\u623f\u6216\u5c0f\u578b\u6570\u636e\u4e2d\u5fc3\u7684\u6e29\u5ea6\u3001\u6e7f\u5ea6\u3001\u529f\u7387\u3001\u7535\u529b\u548c\u70df\u96fe\u7b49\u3002\n\nAVTECH Software Room Alert 3E 2.2.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://avtech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-26823",
  "openTime": "2019-08-12",
  "patchDescription": "AVTECH Software Room Alert 3E\u662f\u7f8e\u56fdAVTECH Software\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u76d1\u6d4bIT\u57fa\u7840\u73af\u5883\u7684\u8bbe\u5907\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u8ba1\u7b97\u673a\u623f\u6216\u5c0f\u578b\u6570\u636e\u4e2d\u5fc3\u7684\u6e29\u5ea6\u3001\u6e7f\u5ea6\u3001\u529f\u7387\u3001\u7535\u529b\u548c\u70df\u96fe\u7b49\u3002\r\n\r\nAVTECH Software Room Alert 3E 2.2.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "AVTECH Software Room Alert 3E\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "AVTECH Software Room Alert 3E \u003c2.2.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13379",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-09",
  "title": "AVTECH Software Room Alert 3E\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

FKIE_CVE-2019-13379

Vulnerability from fkie_nvd - Published: 2019-07-07 16:15 - Updated: 2024-11-21 04:24

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/	Exploit, Third Party Advisory
cve@mitre.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
cve@mitre.org	https://www.youtube.com/watch?v=X1PY7kMFkVg	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=X1PY7kMFkVg	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	avtech	room_alert_3e_firmware	*
	avtech	room_alert_3e	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:avtech:room_alert_3e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D02D4E-8E87-4D42-A3B8-319F500075FE",
              "versionEndExcluding": "2.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:avtech:room_alert_3e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D6C448-E38B-4650-9282-789E86AC3D98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Room Alert 3E anteriores a versi\u00f3n 2.2.5 de AVTECH, un atacante con acceso a la interfaz web del dispositivo puede escalar los privilegios desde un usuario no identificado hacia un administrador mediante la ejecuci\u00f3n de un reinicio cmd.cgi?action=ResetDefaults\u0026src=RA y usando las credenciales por defecto para ingresar ."
    }
  ],
  "id": "CVE-2019-13379",
  "lastModified": "2024-11-21T04:24:49.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-07T16:15:10.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-13379 (GCVE-0-2019-13379)

GSD-2019-13379

VAR-201907-0422

GHSA-XG6V-XH9G-65CV

CNVD-2019-26823

FKIE_CVE-2019-13379

Tags

Sightings

Nomenclature