Details of VAR-201907-0152

ID

VAR-201907-0152

CVE

CVE-2019-7252

TITLE

Nortek Security & Control Linear eMerge E3-Series Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-34626 // CNNVD: CNNVD-201907-109

DESCRIPTION

Linear eMerge E3-Series devices have Default Credentials. Linear eMerge E3 Series devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA. Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to obtain default passwords and identify target systems connected to the network. to attack affected components

Trust: 2.25

sources: NVD: CVE-2019-7252 // JVNDB: JVNDB-2019-005906 // CNVD: CNVD-2019-34626 // VULHUB: VHN-158687

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-34626

AFFECTED PRODUCTS

vendor:	nortekcontrol	model:	linear emerge essential	scope:	lte	version:	1.00-06	Trust: 1.0
vendor:	nortekcontrol	model:	linear emerge elite	scope:	lte	version:	1.00-06	Trust: 1.0
vendor:	nortek	model:	linear emerge elite	scope:	-	version:	-	Trust: 0.8
vendor:	nortek	model:	linear emerge essential	scope:	-	version:	-	Trust: 0.8
vendor:	nortek	model:	security&control linear emerge e3-series	scope:	lte	version:	<=1.00-06	Trust: 0.6

sources: CNVD: CNVD-2019-34626 // JVNDB: JVNDB-2019-005906 // NVD: CVE-2019-7252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7252
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-7252
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-34626
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-109
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158687
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7252
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-34626
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158687
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7252
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-34626 // VULHUB: VHN-158687 // JVNDB: JVNDB-2019-005906 // CNNVD: CNNVD-201907-109 // NVD: CVE-2019-7252

PROBLEMTYPE DATA

problemtype:	CWE-1188	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-158687 // JVNDB: JVNDB-2019-005906 // NVD: CVE-2019-7252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-109

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005906

PATCH

title:

eMerge E3-Series Access Control

url:

https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-005906

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7252	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-005906	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-109	Trust: 0.7
db:	CNVD	id:	CNVD-2019-34626	Trust: 0.6
db:	VULHUB	id:	VHN-158687	Trust: 0.1

sources: CNVD: CNVD-2019-34626 // VULHUB: VHN-158687 // JVNDB: JVNDB-2019-005906 // CNNVD: CNNVD-201907-109 // NVD: CVE-2019-7252

REFERENCES

url:	https://www.applied-risk.com/resources/ar-2019-005	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7252	Trust: 2.0
url:	https://applied-risk.com/labs/advisories	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7252	Trust: 0.8

sources: CNVD: CNVD-2019-34626 // VULHUB: VHN-158687 // JVNDB: JVNDB-2019-005906 // CNNVD: CNNVD-201907-109 // NVD: CVE-2019-7252

SOURCES

db:	CNVD	id:	CNVD-2019-34626
db:	VULHUB	id:	VHN-158687
db:	JVNDB	id:	JVNDB-2019-005906
db:	CNNVD	id:	CNNVD-201907-109
db:	NVD	id:	CVE-2019-7252

LAST UPDATE DATE

2024-11-23T22:37:46.816000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-34626	date:	2019-10-11T00:00:00
db:	VULHUB	id:	VHN-158687	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-005906	date:	2019-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201907-109	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-7252	date:	2024-11-21T04:47:50.707

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-34626	date:	2019-10-10T00:00:00
db:	VULHUB	id:	VHN-158687	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-005906	date:	2019-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201907-109	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-7252	date:	2019-07-02T19:15:10.867