Sign-up

ID

VAR-201903-0205


CVE

CVE-2019-7383


TITLE

plural Systrome Cumilon ISG Command product vulnerability in device product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-003048

DESCRIPTION

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter. Systrome Cumilon ISG-600C , ISG-600H , ISG-800W The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Systrome Networks ISG products is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Local attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. The following products are vulnerable: ISG-600C ISG-600H ISG-800W. SYSTORME ISG-600C is an integrated security gateway device of India SYSTORME company

Trust: 1.98

sources: NVD: CVE-2019-7383 // JVNDB: JVNDB-2019-003048 // BID: 107035 // VULHUB: VHN-158818

AFFECTED PRODUCTS

vendor:systromemodel:cumilon isg-800wscope:eqversion:1.1-r2.1

Trust: 1.0

vendor:systromemodel:cumilon isg-600cscope:eqversion:1.1-r2.1

Trust: 1.0

vendor:systromemodel:cumilon isg-600hscope:eqversion:1.1-r2.1

Trust: 1.0

vendor:systromemodel:isg 600cscope:eqversion:1.1-r2.1_trunk-20181105.bin

Trust: 0.8

vendor:systromemodel:isg 600hscope:eqversion:1.1-r2.1_trunk-20181105.bin

Trust: 0.8

vendor:systromemodel:isg 800wscope:eqversion:1.1-r2.1_trunk-20181105.bin

Trust: 0.8

vendor:systromemodel:networks isg-800w 1.1-r2.1 trunk-20181scope: - version: -

Trust: 0.3

vendor:systromemodel:networks isg-600h 1.1-r2.1 trunk-20181scope: - version: -

Trust: 0.3

vendor:systromemodel:networks isg-600c 1.1-r2.1 trunk-20181scope: - version: -

Trust: 0.3

vendor:systromemodel:networks isg-800w 1.1-r2.1 trunk-20181scope:neversion: -

Trust: 0.3

vendor:systromemodel:networks isg-600h 1.1-r2.1 trunk-20181scope:neversion: -

Trust: 0.3

vendor:systromemodel:networks isg-600c 1.1-r2.1 trunk-20181scope:neversion: -

Trust: 0.3

sources: BID: 107035 // JVNDB: JVNDB-2019-003048 // NVD: CVE-2019-7383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7383
value: HIGH

Trust: 1.0

NVD: CVE-2019-7383
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-615
value: HIGH

Trust: 0.6

VULHUB: VHN-158818
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7383
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158818
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7383
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7383
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158818 // JVNDB: JVNDB-2019-003048 // CNNVD: CNNVD-201902-615 // NVD: CVE-2019-7383

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-158818 // JVNDB: JVNDB-2019-003048 // NVD: CVE-2019-7383

THREAT TYPE

local

Trust: 0.9

sources: BID: 107035 // CNNVD: CNNVD-201902-615

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201902-615

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003048

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-158818

PATCH
title:Top Pageurl:http://systrome.com/
Trust: 0.8
title:ISG-600C , ISG-600H  and ISG-800W Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89406
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003048 // 
            
            
            
            CNNVD: CNNVD-201902-615

EXTERNAL IDS
db:NVDid:CVE-2019-7383
Trust: 2.8
db:PACKETSTORMid:151648
Trust: 2.5
db:BIDid:107035
Trust: 2.0
db:JVNDBid:JVNDB-2019-003048
Trust: 0.8
db:CNNVDid:CNNVD-201902-615
Trust: 0.7
db:VULHUBid:VHN-158818
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158818 // 
            
            
            
            BID: 107035 // 
            
            
            
            JVNDB: JVNDB-2019-003048 // 
            
            
            
            CNNVD: CNNVD-201902-615 // 
            
            
            
            NVD: CVE-2019-7383

REFERENCES
url:http://packetstormsecurity.com/files/151648/systorme-isg-command-injection.html
Trust: 3.7
url:http://www.securityfocus.com/bid/107035
Trust: 2.3
url:http://seclists.org/fulldisclosure/2019/feb/32
Trust: 2.0
url:https://s3curityb3ast.github.io/ksa-dev-003.md
Trust: 1.7
url:https://www.breakthesec.com/2019/02/cve-2019-7383-remote-code-execution-via.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7383
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7383
Trust: 0.8
url:https://s3curityb3ast.github.io
Trust: 0.6
url:http://breakthesec.com
Trust: 0.6
url:http://www.breakthesec.com/search/label/0day
Trust: 0.6
url:http://systrome.com/cumilon-isg-600-cloud-controlled-gateway/
Trust: 0.3
url:http://systrome.com/about/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-158818 // 
            
            
            
            BID: 107035 // 
            
            
            
            JVNDB: JVNDB-2019-003048 // 
            
            
            
            CNNVD: CNNVD-201902-615 // 
            
            
            
            NVD: CVE-2019-7383

CREDITS
Kaustubh G. Padwad,Kaustubh Padwad
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-615

SOURCES
db:VULHUBid:VHN-158818
db:BIDid:107035
db:JVNDBid:JVNDB-2019-003048
db:CNNVDid:CNNVD-201902-615
db:NVDid:CVE-2019-7383

LAST UPDATE DATE
2024-11-23T22:21:45.720000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158818date:2023-02-03T00:00:00
db:BIDid:107035date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-003048date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201902-615date:2020-08-25T00:00:00
db:NVDid:CVE-2019-7383date:2024-11-21T04:48:06.723

SOURCES RELEASE DATE
db:VULHUBid:VHN-158818date:2019-03-21T00:00:00
db:BIDid:107035date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-003048date:2019-05-08T00:00:00
db:CNNVDid:CNNVD-201902-615date:2019-02-13T00:00:00
db:NVDid:CVE-2019-7383date:2019-03-21T16:01:11.610