Lucene search

[email protected]NVD:CVE-2019-16067

HistoryMar 19, 2020 - 6:15 p.m.

CVE-2019-16067

2020-03-1918:15:14

CWE-319

CWE-522

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.6%

JSON

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.

Affected configurations

Nvd

Node

netsasenigma_network_management_solutionRange≤65.0.0

VendorProductVersionCPE
netsasenigma_network_management_solution*cpe:2.3:a:netsas:enigma_network_management_solution:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netsas	enigma_network_management_solution	*	cpe:2.3:a:netsas:enigma_network_management_solution::::::::

References

www.mogozobo.com/?p=3647

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.6%

JSON

Related for NVD:CVE-2019-16067

prion1 cvelist1 cve1