Details of VAR-201901-0234

ID

VAR-201901-0234

CVE

CVE-2019-2399

TITLE

Oracle Communications Applications of Oracle Communications Diameter Signaling Router In Security Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001189

DESCRIPTION

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). The vulnerability can be exploited over the 'HTTP' protocol. The 'Security' component is affected. Attackers can use this vulnerability to read data without authorization, causing denial of service and affecting data confidentiality and availability

Trust: 2.07

sources: NVD: CVE-2019-2399 // JVNDB: JVNDB-2019-001189 // BID: 106580 // VULHUB: VHN-153834 // VULMON: CVE-2019-2399

AFFECTED PRODUCTS

vendor:	oracle	model:	communications diameter signaling router	scope:	lt	version:	8.3	Trust: 1.8
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	7.1	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	6.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	5.1	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	4.1.6	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	4.1	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	7.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	5.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	4.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	3.0	Trust: 0.3
vendor:	oracle	model:	communications diameter signaling router	scope:	ne	version:	8.3	Trust: 0.3

sources: BID: 106580 // JVNDB: JVNDB-2019-001189 // NVD: CVE-2019-2399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2399
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-2399
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-530
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-153834
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-2399
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-2399
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-153834
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2399
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153834 // VULMON: CVE-2019-2399 // JVNDB: JVNDB-2019-001189 // CNNVD: CNNVD-201901-530 // NVD: CVE-2019-2399

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2019-001189 // NVD: CVE-2019-2399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-530

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001189

PATCH

title:	Oracle Critical Patch Update Advisory - January 2019	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2019 Risk Matrices	url:	https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html	Trust: 0.8
title:	Oracle Communications Applications Communications Diameter Signaling Router Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88666	Trust: 0.6
title:	Oracle: Oracle Critical Patch Update Advisory - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b	Trust: 0.1

sources: VULMON: CVE-2019-2399 // JVNDB: JVNDB-2019-001189 // CNNVD: CNNVD-201901-530

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2399	Trust: 2.9
db:	BID	id:	106580	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-001189	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-530	Trust: 0.7
db:	VULHUB	id:	VHN-153834	Trust: 0.1
db:	VULMON	id:	CVE-2019-2399	Trust: 0.1

sources: VULHUB: VHN-153834 // VULMON: CVE-2019-2399 // BID: 106580 // JVNDB: JVNDB-2019-001189 // CNNVD: CNNVD-201901-530 // NVD: CVE-2019-2399

REFERENCES

url:	http://www.securityfocus.com/bid/106580	Trust: 2.4
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2399	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2399	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-153834 // VULMON: CVE-2019-2399 // BID: 106580 // JVNDB: JVNDB-2019-001189 // CNNVD: CNNVD-201901-530 // NVD: CVE-2019-2399

CREDITS

Guillaume Teissier of Orange CERT-CC

Trust: 0.9

sources: BID: 106580 // CNNVD: CNNVD-201901-530

SOURCES

db:	VULHUB	id:	VHN-153834
db:	VULMON	id:	CVE-2019-2399
db:	BID	id:	106580
db:	JVNDB	id:	JVNDB-2019-001189
db:	CNNVD	id:	CNNVD-201901-530
db:	NVD	id:	CVE-2019-2399

LAST UPDATE DATE

2024-11-23T23:11:56.502000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153834	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-2399	date:	2020-08-24T00:00:00
db:	BID	id:	106580	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-001189	date:	2019-01-23T00:00:00
db:	CNNVD	id:	CNNVD-201901-530	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2019-2399	date:	2024-11-21T04:40:47.753

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153834	date:	2019-01-16T00:00:00
db:	VULMON	id:	CVE-2019-2399	date:	2019-01-16T00:00:00
db:	BID	id:	106580	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-001189	date:	2019-01-23T00:00:00
db:	CNNVD	id:	CNNVD-201901-530	date:	2019-01-16T00:00:00
db:	NVD	id:	CVE-2019-2399	date:	2019-01-16T19:30:30.843