Lucene search

K
cve[email protected]CVE-2019-5040
HistoryAug 20, 2019 - 9:15 p.m.

CVE-2019-5040

2019-08-2021:15:13
CWE-190
web.nvd.nist.gov
96
2
cve-2019-5040
information disclosure
vulnerability
weave
messagelayer
parsing
openweave-core
nest cam iq indoor
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.0%

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.

Affected configurations

Vulners
NVD
Node
googlenest_hubRange4620002
VendorProductVersionCPE
googlenest_hub*cpe:2.3:h:google:nest_hub:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Nest Labs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Nest Labs Openweave-core 4.0.2 Nest Labs Nest Cam IQ Indoor version 4620002"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.0%