Lucene search

[email protected]CVE-2019-7274

HistoryJul 01, 2019 - 9:15 p.m.

CVE-2019-7274

2019-07-0121:15:11

CWE-434

[email protected]

web.nvd.nist.gov

cve-2019-7274

optergy proton

optergy enterprise

authenticated file upload

code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.

Affected configurations

NVD

Node

optergyenterpriseRange≤2.3.0a

optergyprotonRange≤2.3.0a

CPENameOperatorVersion
optergy:enterpriseoptergy enterprisele2.3.0a
optergy:protonoptergy protonle2.3.0a

CPE	Name	Operator	Version
optergy:enterprise	optergy enterprise	le	2.3.0a
optergy:proton	optergy proton	le	2.3.0a

References

packetstormsecurity.com/files/155269/Optergy-2.3.0a-Remote-Root.html

www.securityfocus.com/bid/108686

applied-risk.com/labs/advisories

www.applied-risk.com/resources/ar-2019-008

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2019-7274

prion1 packetstorm1 zdt1 cvelist1 exploitpack1 nvd1 exploitdb1 ics1