Lucene search

[email protected]CVE-2019-15800

HistoryNov 14, 2019 - 9:15 p.m.

CVE-2019-15800

2019-11-1421:15:00

CWE-78

[email protected]

web.nvd.nist.gov

zyxel

gs1900

firmware

vulnerability

input validation

code execution

nvd

cve-2019-15800

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.3%

JSON

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)

CPENameOperatorVersion
zyxel:gs1900-8_firmwarezyxel gs1900-8 firmwarelt2.50\(aahh.0\)c0
zyxel:gs1900-8hp_firmwarezyxel gs1900-8hp firmwarelt2.50\(aahi.0\)c0
zyxel:gs1900-10hp_firmwarezyxel gs1900-10hp firmwarelt2.50\(aazi.0\)c0
zyxel:gs1900-16_firmwarezyxel gs1900-16 firmwarelt2.50\(aahj.0\)c0
zyxel:gs1900-24e_firmwarezyxel gs1900-24e firmwarelt2.50\(aahk.0\)c0
zyxel:gs1900-24_firmwarezyxel gs1900-24 firmwarelt2.50\(aahl.0\)c0
zyxel:gs1900-24hp_firmwarezyxel gs1900-24hp firmwarelt2.50\(aahm.0\)c0
zyxel:gs1900-48_firmwarezyxel gs1900-48 firmwarelt2.50\(aahn.0\)c0
zyxel:gs1900-48hp_firmwarezyxel gs1900-48hp firmwarelt2.50\(aaho.0\)c0

CPE	Name	Operator	Version
zyxel:gs1900-8_firmware	zyxel gs1900-8 firmware	lt	2.50\(aahh.0\)c0
zyxel:gs1900-8hp_firmware	zyxel gs1900-8hp firmware	lt	2.50\(aahi.0\)c0
zyxel:gs1900-10hp_firmware	zyxel gs1900-10hp firmware	lt	2.50\(aazi.0\)c0
zyxel:gs1900-16_firmware	zyxel gs1900-16 firmware	lt	2.50\(aahj.0\)c0
zyxel:gs1900-24e_firmware	zyxel gs1900-24e firmware	lt	2.50\(aahk.0\)c0
zyxel:gs1900-24_firmware	zyxel gs1900-24 firmware	lt	2.50\(aahl.0\)c0
zyxel:gs1900-24hp_firmware	zyxel gs1900-24hp firmware	lt	2.50\(aahm.0\)c0
zyxel:gs1900-48_firmware	zyxel gs1900-48 firmware	lt	2.50\(aahn.0\)c0
zyxel:gs1900-48hp_firmware	zyxel gs1900-48hp firmware	lt	2.50\(aaho.0\)c0

References

jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for CVE-2019-15800

prion1 cvelist1