René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00


{
"id": "CVE-2019-3934",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2019-04-30T21:29:01.010",
"lastModified": "2020-10-16T16:03:11.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code."
},
{
"lang": "es",
"value": "Crestron AM-100 con firmware versi\u00f3n 1.6.0.2 y AM-101 con firmware versi\u00f3n 2.7.0.2 permite que cualquiera pueda omitir el c\u00f3digo de presentaci\u00f3n enviando una petici\u00f3n HTTP POST creada para el archivo login.cgi. Un atacante remoto no autenticado puede usar esta vulnerabilidad para descargar la imagen de diapositiva actual sin conocer el c\u00f3digo de acceso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "913135BE-8FB4-40BA-85D8-AD0F824493C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "081E2B1B-027D-4846-8C61-54CE2D668CD0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC584E7-9159-48E8-B499-F5CA68663503"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2019-20",
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}