Lucene search

[email protected]NVD:CVE-2019-10655

HistoryMar 30, 2019 - 5:29 p.m.

CVE-2019-10655

2019-03-3017:29:00

CWE-119

CWE-78

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.917

Percentile

99.0%

JSON

Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.

Affected configurations

Nvd

Node

grandstreamgac2500_firmwareRange≤1.0.3.35

AND

grandstreamgac2500Match-

Node

grandstreamgvc3202_firmwareRange<1.0.3.51

AND

grandstreamgvc3202Match-

Node

grandstreamgxv3275_firmwareRange<1.0.3.219

AND

grandstreamgxv3275Match-

Node

grandstreamgxv3240_firmwareRange<1.0.3.219

AND

grandstreamgxv3240Match-

Node

grandstreamgxp2200_firmwareRange≤1.0.3.27

AND

grandstreamgxp2200Match-

VendorProductVersionCPE
grandstreamgac2500_firmware*cpe:2.3:o:grandstream:gac2500_firmware:*:*:*:*:*:*:*:*
grandstreamgac2500-cpe:2.3:h:grandstream:gac2500:-:*:*:*:*:*:*:*
grandstreamgvc3202_firmware*cpe:2.3:o:grandstream:gvc3202_firmware:*:*:*:*:*:*:*:*
grandstreamgvc3202-cpe:2.3:h:grandstream:gvc3202:-:*:*:*:*:*:*:*
grandstreamgxv3275_firmware*cpe:2.3:o:grandstream:gxv3275_firmware:*:*:*:*:*:*:*:*
grandstreamgxv3275-cpe:2.3:h:grandstream:gxv3275:-:*:*:*:*:*:*:*
grandstreamgxv3240_firmware*cpe:2.3:o:grandstream:gxv3240_firmware:*:*:*:*:*:*:*:*
grandstreamgxv3240-cpe:2.3:h:grandstream:gxv3240:-:*:*:*:*:*:*:*
grandstreamgxp2200_firmware*cpe:2.3:o:grandstream:gxp2200_firmware:*:*:*:*:*:*:*:*
grandstreamgxp2200-cpe:2.3:h:grandstream:gxp2200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grandstream	gac2500_firmware	*	cpe:2.3:o:grandstream:gac2500_firmware::::::::
grandstream	gac2500	-	cpe:2.3:h:grandstream:gac2500:-:::::::*
grandstream	gvc3202_firmware	*	cpe:2.3:o:grandstream:gvc3202_firmware::::::::
grandstream	gvc3202	-	cpe:2.3:h:grandstream:gvc3202:-:::::::*
grandstream	gxv3275_firmware	*	cpe:2.3:o:grandstream:gxv3275_firmware::::::::
grandstream	gxv3275	-	cpe:2.3:h:grandstream:gxv3275:-:::::::*
grandstream	gxv3240_firmware	*	cpe:2.3:o:grandstream:gxv3240_firmware::::::::
grandstream	gxv3240	-	cpe:2.3:h:grandstream:gxv3240:-:::::::*
grandstream	gxp2200_firmware	*	cpe:2.3:o:grandstream:gxp2200_firmware::::::::
grandstream	gxp2200	-	cpe:2.3:h:grandstream:gxp2200:-:::::::*