Lucene search

[email protected]CVE-2019-9582

HistoryAug 14, 2019 - 8:15 p.m.

CVE-2019-9582

2019-08-1420:15:11

[email protected]

web.nvd.nist.gov

eq-3

homematic

ccu2

cve-2019-9582

denial of service

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.2%

JSON

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.

Affected configurations

NVD

Node

eq-3homematic_ccu2_firmwareMatch2.35.16

eq-3homematic_ccu2_firmwareMatch2.41.5

eq-3homematic_ccu2_firmwareMatch2.41.8

eq-3homematic_ccu2_firmwareMatch2.41.9

eq-3homematic_ccu2_firmwareMatch2.45.6

eq-3homematic_ccu2_firmwareMatch2.45.7

eq-3homematic_ccu2_firmwareMatch2.47.10

eq-3homematic_ccu2_firmwareMatch2.47.12

eq-3homematic_ccu2_firmwareMatch2.47.15

AND

eq-3homematic_ccu2Match-

CPENameOperatorVersion
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.35.16
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.41.5
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.41.8
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.41.9
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.45.6
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.45.7
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.47.10
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.47.12
eq-3:homematic_ccu2_firmwareeq-3 homematic ccu2 firmwareeq2.47.15

CPE	Name	Operator	Version
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.35.16
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.41.5
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.41.8
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.41.9
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.45.6
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.45.7
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.47.10
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.47.12
eq-3:homematic_ccu2_firmware	eq-3 homematic ccu2 firmware	eq	2.47.15

References

github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9582.md

psytester.github.io/CVE-2019-9582/

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.2%

JSON

Related for CVE-2019-9582

cvelist1 prion1 nvd1