Details of VAR-201903-0217

ID

VAR-201903-0217

CVE

CVE-2019-9725

TITLE

Korenix JetPort 5601 and 5601f Runs on the device Web manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-002437

DESCRIPTION

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. The web management page in Korenix JetPort 5601 and 5601f has a cross-site scripting vulnerability

Trust: 1.71

sources: NVD: CVE-2019-9725 // JVNDB: JVNDB-2019-002437 // VULHUB: VHN-161160

AFFECTED PRODUCTS

vendor:	korenix	model:	jetport 5601	scope:	eq	version:	-	Trust: 1.0
vendor:	korenix	model:	jetport web manager	scope:	eq	version:	-	Trust: 1.0
vendor:	korenix	model:	jetport 5601f	scope:	eq	version:	-	Trust: 1.0
vendor:	korenix	model:	jetnet web manager	scope:	-	version:	-	Trust: 0.8
vendor:	korenix	model:	jetport 5601	scope:	-	version:	-	Trust: 0.8
vendor:	korenix	model:	jetport 5601f	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-002437 // NVD: CVE-2019-9725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9725
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-9725
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-356
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-161160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9725
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-161160
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9725
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-161160 // JVNDB: JVNDB-2019-002437 // CNNVD: CNNVD-201903-356 // NVD: CVE-2019-9725

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-161160 // JVNDB: JVNDB-2019-002437 // NVD: CVE-2019-9725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-356

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201903-356

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002437

PATCH

title:

Top Page

url:

https://www.korenix.com/index.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2019-002437

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9725	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-002437	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-356	Trust: 0.7
db:	VULHUB	id:	VHN-161160	Trust: 0.1

sources: VULHUB: VHN-161160 // JVNDB: JVNDB-2019-002437 // CNNVD: CNNVD-201903-356 // NVD: CVE-2019-9725

REFERENCES

url:	https://medium.com/@bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9725	Trust: 1.4
url:	https://medium.com/%40bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9725	Trust: 0.8

sources: VULHUB: VHN-161160 // JVNDB: JVNDB-2019-002437 // CNNVD: CNNVD-201903-356 // NVD: CVE-2019-9725

SOURCES

db:	VULHUB	id:	VHN-161160
db:	JVNDB	id:	JVNDB-2019-002437
db:	CNNVD	id:	CNNVD-201903-356
db:	NVD	id:	CVE-2019-9725

LAST UPDATE DATE

2024-11-23T21:37:36.921000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161160	date:	2019-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-002437	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-356	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2019-9725	date:	2024-11-21T04:52:10.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161160	date:	2019-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-002437	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-356	date:	2019-03-12T00:00:00
db:	NVD	id:	CVE-2019-9725	date:	2019-03-12T20:29:00.407