CVE-2019-9584
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.1%
eQ-3 Homematic AddOn ‘CloudMatic’ on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| eq-3 | homematic_ccu2_firmware | * | cpe:2.3:o:eq-3:homematic_ccu2_firmware:*:*:*:*:*:*:*:* |
| eq-3 | homematic_ccu2 | - | cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:* |
| eq-3 | homematic_ccu3_firmware | * | cpe:2.3:o:eq-3:homematic_ccu3_firmware:*:*:*:*:*:*:*:* |
| eq-3 | homematic_ccu3 | - | cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.1%