VAR-201910-0933

Vulnerability from variot - Updated: 2024-11-23 21:36

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier that allows unsanitized data provided by an authenticated user to be passed from the web UI into the database. As a result, information may be obtained or altered, and service operation may be disrupted (DoS). Palo Alto Networks Zingbox Inspector is a locally deployed device in the Zingbox IoT Command Center (IoT Control Center) solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally supplied SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0933",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "inspector",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "zingbox",
        "version": "1.288"
      },
      {
        "model": "alto networks zingbox inspector",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "palo",
        "version": "\u003c=1.288"
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": "1.288"
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": "1.286"
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": null
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": "1.281"
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": "1.280"
      },
      {
        "model": "inspector",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zingbox",
        "version": "1.287"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:zingbox:inspector",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      }
    ]
  },
  "cve": "CVE-2019-15016",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-15016",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-36673",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-15016",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-15016",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-15016",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-15016",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-36673",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-606",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-15016",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Zingbox Inspector Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Palo Alto Networks Zingbox Inspector is a locally deployed device in a Zingbox IoT Command Center IoT Control Center solution from Palo Alto Networks, USA. The vulnerability stems from the lack of validation of externally entered SQL statements by database-based applications. An attacker could use this vulnerability to execute illegal SQL commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-15016",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "id": "VAR-201910-0933",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:36:34.975000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.zingbox.com/"
      },
      {
        "title": "Patch for Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/186335"
      },
      {
        "title": "Zingbox Inspector SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99250"
      },
      {
        "title": "Palo Alto Networks Security Advisory: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=dfa40f4cc53a56eced3ccfb730642543"
      },
      {
        "title": "Palo Alto Networks Security Advisory: CVE-2019-15016 SQL Injection in Zingbox Inspector",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=bc571911c016e8ec324aaddf315ae1b3"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2019-15016 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15016"
      },
      {
        "trust": 1.7,
        "url": "https://security.paloaltonetworks.com/cve-2019-15016"
      },
      {
        "trust": 1.4,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/173"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15016"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/89.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-15016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110275"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "date": "2019-10-09T21:15:12.757000",
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "date": "2023-02-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-15016"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010563"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      },
      {
        "date": "2024-11-21T04:27:52.773000",
        "db": "NVD",
        "id": "CVE-2019-15016"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Palo Alto Networks Zingbox Inspector SQL injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-606"
      }
    ],
    "trust": 0.6
  }
}

