Lucene search

MitreCVE-2019-18648

HistoryNov 14, 2019 - 3:15 p.m.

CVE-2019-18648

2019-11-1415:15:12

CWE-79

mitre

web.nvd.nist.gov

untangle ng firewall

14.2.0

admin user

reflected xss

vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

Affected configurations

Nvd

Node

untangleng_firewallMatch14.2.0

VendorProductVersionCPE
untangleng_firewall14.2.0cpe:2.3:a:untangle:ng_firewall:14.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
untangle	ng_firewall	14.2.0	cpe:2.3:a:untangle:ng_firewall:14.2.0:::::::*

References

gist.github.com/alm4ric/ada44ce7de9a30244c2269106c70a145

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2019-18648