ID

VAR-201907-0109


CVE

CVE-2019-5446


TITLE

EdgeMAX EdgeSwitch vulnerable to command injection

Trust: 0.8

sources: JVNDB: JVNDB-2019-006411

DESCRIPTION

Command injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. EdgeMAX EdgeSwitch contains a command injection vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) condition may result. Ubiquiti Networks EdgeMAX EdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks. The vulnerability stems from the fact that external input data is used to construct executable commands, and the network system or product does not properly filter special elements. An attacker could exploit the vulnerability to execute illegal commands.

Trust: 2.25

sources: NVD: CVE-2019-5446 // JVNDB: JVNDB-2019-006411 // CNVD: CNVD-2019-22212 // VULMON: CVE-2019-5446

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22212

AFFECTED PRODUCTS

vendor: ui, model: edgeswitch, scope: lt, version: 1.8.2

Trust: 1.0

vendor: ubiquiti, model: edgeswitch, scope: lt, version: 1.8.2

Trust: 0.8

vendor: ubiquiti, model: networks ubiquiti networks edgemax edgeswitch, scope: lt, version: 1.8.2

Trust: 0.6

sources: CNVD: CNVD-2019-22212 // JVNDB: JVNDB-2019-006411 // NVD: CVE-2019-5446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5446
value: HIGH

Trust: 1.0

NVD: CVE-2019-5446
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22212
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-607
value: HIGH

Trust: 0.6

VULMON: CVE-2019-5446
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5446
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-22212
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5446
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5446
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-22212 // VULMON: CVE-2019-5446 // JVNDB: JVNDB-2019-006411 // CNNVD: CNNVD-201907-607 // NVD: CVE-2019-5446

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.8

sources: JVNDB: JVNDB-2019-006411 // NVD: CVE-2019-5446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-607

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006411

PATCH

title: EdgeMAX EdgeSwitch Firmware v1.8.2, url: https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7

Trust: 0.8

title: Patch for EdgeMAX EdgeSwitch command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/168499

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2019-5446

Trust: 0.1

sources: CNVD: CNVD-2019-22212 // VULMON: CVE-2019-5446 // JVNDB: JVNDB-2019-006411

EXTERNAL IDS

db: NVD, id: CVE-2019-5446

Trust: 3.1

db: JVNDB, id: JVNDB-2019-006411

Trust: 0.8

db: CNVD, id: CNVD-2019-22212

Trust: 0.6

db: CNNVD, id: CNNVD-201907-607

Trust: 0.6

db: VULMON, id: CVE-2019-5446

Trust: 0.1

sources: CNVD: CNVD-2019-22212 // VULMON: CVE-2019-5446 // JVNDB: JVNDB-2019-006411 // CNNVD: CNNVD-201907-607 // NVD: CVE-2019-5446

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-5446

Trust: 2.0

url: https://community.ui.com/releases/edgemax-edgeswitch-firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5446

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2019-5446

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-22212 // VULMON: CVE-2019-5446 // JVNDB: JVNDB-2019-006411 // CNNVD: CNNVD-201907-607 // NVD: CVE-2019-5446

SOURCES

db: CNVD, id: CNVD-2019-22212
db: VULMON, id: CVE-2019-5446
db: JVNDB, id: JVNDB-2019-006411
db: CNNVD, id: CNNVD-201907-607
db: NVD, id: CVE-2019-5446

LAST UPDATE DATE

2024-11-23T22:48:22.103000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-22212, date: 2019-07-12T00:00:00
db: VULMON, id: CVE-2019-5446, date: 2023-02-02T00:00:00
db: JVNDB, id: JVNDB-2019-006411, date: 2019-07-19T00:00:00
db: CNNVD, id: CNNVD-201907-607, date: 2019-07-18T00:00:00
db: NVD, id: CVE-2019-5446, date: 2024-11-21T04:44:57.033

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-22212, date: 2019-07-12T00:00:00
db: VULMON, id: CVE-2019-5446, date: 2019-07-10T00:00:00
db: JVNDB, id: JVNDB-2019-006411, date: 2019-07-19T00:00:00
db: CNNVD, id: CNNVD-201907-607, date: 2019-07-10T00:00:00
db: NVD, id: CVE-2019-5446, date: 2019-07-10T20:15:12.763