CVE-2019-15804

{"id": "CVE-2019-15804", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-14T21:15:11.953", "references": [{"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50(AAHH.0)C0. Mediante el envi\u00f3 de una se\u00f1al al proceso de la CLI, una funcionalidad no documentada es activada. Espec\u00edficamente, se puede activar un men\u00fa mediante el env\u00edo de la se\u00f1al SIGQUIT a la aplicaci\u00f3n de la CLI (por ejemplo, por medio de CTRL+\\ v\u00eda SSH). La comprobaci\u00f3n del control de acceso para este men\u00fa opera y proh\u00edbe acceder al men\u00fa, que contiene las opciones de \"Password recovery for specific user\". Se cree que es posible acceder al men\u00fa usando una consola en serie."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}