ID

VAR-201903-1268


CVE

CVE-2019-0729


TITLE

Azure IoT Java SDK Elevation of Privilege Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002479

DESCRIPTION

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'. Attackers can use this vulnerability to predict the randomness of keys, obtain keys, and access users' IoT centers. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks.

Trust: 2.52

sources: NVD: CVE-2019-0729 // JVNDB: JVNDB-2019-002479 // CNNVD: CNNVD-201902-508 // BID: 106966 // VULMON: CVE-2019-0729

AFFECTED PRODUCTS

vendor: microsoft
model: java software development kit
scope: eq
version: -

Trust: 1.0

vendor: microsoft
model: java sdk
scope: eq
version: for azure iot

Trust: 0.8

vendor: microsoft
model: java sdk for azure iot
scope: eq
version: 0

Trust: 0.3

sources: BID: 106966 // JVNDB: JVNDB-2019-002479 // NVD: CVE-2019-0729

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0729
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-0729
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201902-508
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-0729
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-0729
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2019-0729
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2019-0729 // JVNDB: JVNDB-2019-002479 // CNNVD: CNNVD-201902-508 // NVD: CVE-2019-0729

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.0

problemtype:CWE-332

Trust: 0.8

sources: JVNDB: JVNDB-2019-002479 // NVD: CVE-2019-0729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-508

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201902-508

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002479

PATCH

title: CVE-2019-0729 | Azure IoT Java SDK Elevation of Privilege Vulnerability
url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729

Trust: 0.8

title: CVE-2019-0729 | Azure IoT Java SDK Elevation of Privilege Vulnerability
url: https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0729

Trust: 0.8

title: Microsoft Azure IoT Java SDK Fixes for permissions and access control vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89319

Trust: 0.6

title: Symantec Threat Intelligence Blog
url: https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-february-2019

Trust: 0.1

sources: VULMON: CVE-2019-0729 // JVNDB: JVNDB-2019-002479 // CNNVD: CNNVD-201902-508

EXTERNAL IDS

db: NVD
id: CVE-2019-0729

Trust: 2.8

db: BID
id: 106966

Trust: 2.0

db: JVNDB
id: JVNDB-2019-002479

Trust: 0.8

db: CNNVD
id: CNNVD-201902-508

Trust: 0.6

db: VULMON
id: CVE-2019-0729

Trust: 0.1

sources: VULMON: CVE-2019-0729 // BID: 106966 // JVNDB: JVNDB-2019-002479 // CNNVD: CNNVD-201902-508 // NVD: CVE-2019-0729

REFERENCES

url:http://www.securityfocus.com/bid/106966

Trust: 2.4

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0729

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-0729

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0729

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2019/at190006.html

Trust: 0.8

url:http://www.microsoft.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/330.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/106966

Trust: 0.1

sources: VULMON: CVE-2019-0729 // BID: 106966 // JVNDB: JVNDB-2019-002479 // CNNVD: CNNVD-201902-508 // NVD: CVE-2019-0729

CREDITS

The vendor reported this issue.

Trust: 0.9

sources: BID: 106966 // CNNVD: CNNVD-201902-508

SOURCES

db: VULMON, id: CVE-2019-0729
db: BID, id: 106966
db: JVNDB, id: JVNDB-2019-002479
db: CNNVD, id: CNNVD-201902-508
db: NVD, id: CVE-2019-0729

LAST UPDATE DATE

2024-11-23T22:17:06.738000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-0729, date: 2021-07-21T00:00:00
db: BID, id: 106966, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-002479, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201902-508, date: 2021-07-26T00:00:00
db: NVD, id: CVE-2019-0729, date: 2024-11-21T04:17:11.110

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-0729, date: 2019-03-05T00:00:00
db: BID, id: 106966, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-002479, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201902-508, date: 2019-02-12T00:00:00
db: NVD, id: CVE-2019-0729, date: 2019-03-05T23:29:02.740