admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 18:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-146xx/CVE-2019-14656.json

182 lines
5.0 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2019-14656",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-08T13:15:15.237",
"lastModified": "2019-10-17T18:51:56.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos Yealink hasta el 04-08-2019, no comprueban apropiadamente los roles de los usuarios en las peticiones POST. En consecuencia, la cuenta User predeterminada (con una contrase\u00f1a de usuario) puede realizar peticiones de administrador por medio de HTTP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:vp59_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "A416A5F5-E7E8-4D54-8BD7-F9DACC7D2AB9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2009943-3A1D-4129-A5D8-5F942D760537"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:t49g_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "8BFE86FC-8AEA-4A0B-9D4A-1470DDABFDA2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:t49g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30F986B-FB81-4D5A-BC12-479C473E0508"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:t58v_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "7BC06E8A-65CE-4E77-B427-966EF5FFFE08"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:t58v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A7C6A9-D47D-402B-8C85-C403A593CF92"
}
]
}
]
}
],
"references": [
{
"url": "http://cerebusforensics.com/yealink/exploit.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sway.office.com/3pCb559LYVuT0eig",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue Copy Permalink