admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-146xx/CVE-2019-14656.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

182 lines
5.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-14656",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-08T13:15:15.237",
"lastModified": "2019-10-17T18:51:56.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos Yealink hasta el 04-08-2019, no comprueban apropiadamente los roles de los usuarios en las peticiones POST. En consecuencia, la cuenta User predeterminada (con una contrase\u00f1a de usuario) puede realizar peticiones de administrador por medio de HTTP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:vp59_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "A416A5F5-E7E8-4D54-8BD7-F9DACC7D2AB9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2009943-3A1D-4129-A5D8-5F942D760537"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:t49g_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "8BFE86FC-8AEA-4A0B-9D4A-1470DDABFDA2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:t49g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30F986B-FB81-4D5A-BC12-479C473E0508"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeahlink:t58v_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019-08-04",
"matchCriteriaId": "7BC06E8A-65CE-4E77-B427-966EF5FFFE08"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeahlink:t58v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A7C6A9-D47D-402B-8C85-C403A593CF92"
}
]
}
]
}
],
"references": [
{
"url": "http://cerebusforensics.com/yealink/exploit.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sway.office.com/3pCb559LYVuT0eig",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink