CVE-2019-17218

{"id": "CVE-2019-17218", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-10-06T16:15:10.430", "references": [{"url": "https://vuldb.com/?id.134116", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://vuldb.com/?id.134116", "tags": ["Permissions Required", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos V-Zug Combi-Steam MSLQ versiones anteriores a Ethernet R07 y anteriores a WLAN R05. Por defecto, la comunicaci\u00f3n con el servicio web no est\u00e1 encriptada por medio de http. Un atacante puede interceptar y detectar la comunicaci\u00f3n con el servicio web."}], "lastModified": "2024-11-21T04:31:53.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D622A17-7569-4A0A-A500-E07DF939ACEB", "versionEndExcluding": "ethernet_r07"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68A4AABA-B6A5-4E1E-A848-F5AB12E7EAFF", "versionEndExcluding": "wlan_r05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}