Lucene search

[email protected]CVE-2019-10662

HistoryMar 30, 2019 - 5:29 p.m.

CVE-2019-10662

2019-03-3017:29:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2019-10662

grandstream ucm6204

remote code execution

shell metacharacters

security vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.0%

JSON

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.

CPENameOperatorVersion
grandstream:ucm6204_firmwaregrandstream ucm6204 firmwarelt1.0.19.20

CPE	Name	Operator	Version
grandstream:ucm6204_firmware	grandstream ucm6204 firmware	lt	1.0.19.20

References

github.com/scarvell/grandstream_exploits

www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.0%

JSON

Related for CVE-2019-10662

prion1 cvelist1 zdt1 packetstorm1 metasploit1 nessus3