11 matches found
CVE-2019-15023
CVE-2019-15023 affects Palo Alto Networks Zingbox Inspector 1.294 and earlier, where passwords for 3rd‑party integrations are stored in cleartext in device configuration. This information‑disclosure vulnerability can enable attackers with access to the appliance to view plaintext credentials. Sev...
CVE-2019-1584
CVE-2019-1584 affects Zingbox Inspector versions 1.293 and earlier. The issue enables remote code execution when the Inspector processes a malicious command from the Zingbox cloud or is tampered with to connect to an attacker’s cloud endpoint. Root cause noted across sources includes insufficient...
CVE-2019-15017
CVE-2019-15017 affects Palo Alto Networks Zingbox Inspector versions 1.294 and earlier. The SSH service is exposed to the local network; with PAN-SA-2019-0027, an attacker could authenticate using hardcoded credentials, enabling unauthorized SSH access. The practical impact is unauthorized access...
CVE-2019-15014
CVE-2019-15014 affects Palo Alto Networks Zingbox Inspector 1.286 and earlier. The vulnerability is a command injection in the Inspector CLI that allows an authenticated user to run arbitrary system commands. Exploitation details are not provided in the documents, but the impact is high (CLI-leve...
CVE-2019-15016
The CVE-2019-15016 issue affects Zingbox Inspector (Palo Alto Networks) where the management interface permits SQL commands via unsanitized user input from the web UI in versions 1.288 and earlier. Root cause: lack of validation/sanitization in SQL query construction, enabling an authenticated us...
CVE-2019-15022
The CVE-2019-15022 issue affects Zingbox Inspector versions 1.294 and earlier, where the tool is vulnerable to ARP spoofing due to insufficient ARP protection. Impact, as described in the sources, is the potential for ARP spoofing attacks against the Inspector, with referenced advisories noting t...
CVE-2019-15021
CVE-2019-15021 affects Palo Alto Networks Zingbox Inspector prior to 1.295 (
CVE-2019-15020
The CVE-2019-15020 issue affects Palo Alto Networks Zingbox Inspector versions 1.293 and earlier, where the update handling fails to properly neutralize/validate data in the software update stream. This can allow a remote attacker to intercept or craft an invalid software update image, potentiall...
CVE-2019-15019
CVE-2019-15019 affects Palo Alto Networks Zingbox Inspector, specifically versions 1.294 and earlier. The root cause is insufficient input validation in the network traffic handler, which could allow a remote attacker to intercept and modify a software update package. Impact is the ability to del...
CVE-2019-15015
ZingBox Inspector (Palo Alto Networks) versions 1.294 and earlier are affected by a hardcoded-credentials vulnerability in which root and inspector user accounts are embedded in the system software, potentially allowing unauthorized access and full control. Root cause: hardcoded credentials in th...
CVE-2019-15018
CVE-2019-15018 affects Palo Alto Networks Zingbox Inspector (versions 1.280 and earlier). The root cause is an authentication bypass when binding the Inspector to a different customer tenant, enabling potential cross-tenant access. Impact is described as a security-bypass affecting the binding fu...