Sign-up

ID

VAR-201907-0157


CVE

CVE-2019-7256


TITLE

Linear eMerge E3  For devices in the series  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005909

DESCRIPTION

Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system

Trust: 2.34

sources: NVD: CVE-2019-7256 // JVNDB: JVNDB-2019-005909 // CNVD: CNVD-2019-21274 // VULHUB: VHN-158691 // VULMON: CVE-2019-7256

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-21274

AFFECTED PRODUCTS

vendor:nortekcontrolmodel:linear emerge elitescope:lteversion:1.00-06

Trust: 1.0

vendor:nortekcontrolmodel:linear emerge essentialscope:lteversion:1.00-06

Trust: 1.0

vendor:nortekmodel:linear emerge essentialscope: - version: -

Trust: 0.8

vendor:nortekmodel:linear emerge elitescope: - version: -

Trust: 0.8

vendor:nortekmodel:security&control linear emerge e3-seriesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-21274 // JVNDB: JVNDB-2019-005909 // NVD: CVE-2019-7256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7256
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-7256
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7256
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-21274
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-107
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158691
value: HIGH

Trust: 0.1

VULMON: CVE-2019-7256
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7256
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-21274
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158691
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7256
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2019-7256
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-21274 // VULHUB: VHN-158691 // VULMON: CVE-2019-7256 // JVNDB: JVNDB-2019-005909 // CNNVD: CNNVD-201907-107 // NVD: CVE-2019-7256 // NVD: CVE-2019-7256

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-77

Trust: 0.1

sources: VULHUB: VHN-158691 // JVNDB: JVNDB-2019-005909 // NVD: CVE-2019-7256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-107

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-107

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-158691

PATCH
title:eMerge E3-Series Access Controlurl:https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf
Trust: 0.8
title:Nuclei Templates
Resourcesurl:https://github.com/merlinepedra25/nuclei-templates 
Trust: 0.1
title:Nuclei Templates
Resourcesurl:https://github.com/merlinepedra/nuclei-templates 
Trust: 0.1
title:Kenzer Templates [1289]url:https://github.com/Elsfa7-110/kenzer-templates 
Trust: 0.1
title:PoC in GitHuburl:https://github.com/manas3c/CVE-POC 
Trust: 0.1
title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-7256 // 
            
            
            
            JVNDB: JVNDB-2019-005909

EXTERNAL IDS
db:NVDid:CVE-2019-7256
Trust: 4.0
db:PACKETSTORMid:170372
Trust: 1.8
db:PACKETSTORMid:155255
Trust: 1.8
db:PACKETSTORMid:155272
Trust: 1.8
db:PACKETSTORMid:155256
Trust: 1.8
db:ICS CERTid:ICSA-24-065-01
Trust: 0.8
db:JVNid:JVNVU96911165
Trust: 0.8
db:JVNDBid:JVNDB-2019-005909
Trust: 0.8
db:CNNVDid:CNNVD-201907-107
Trust: 0.7
db:CNVDid:CNVD-2019-21274
Trust: 0.6
db:EXPLOIT-DBid:47619
Trust: 0.6
db:VULHUBid:VHN-158691
Trust: 0.1
db:VULMONid:CVE-2019-7256
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-21274 // 
            
            
            
            VULHUB: VHN-158691 // 
            
            
            
            VULMON: CVE-2019-7256 // 
            
            
            
            JVNDB: JVNDB-2019-005909 // 
            
            
            
            CNNVD: CNNVD-201907-107 // 
            
            
            
            NVD: CVE-2019-7256

REFERENCES
url:https://www.applied-risk.com/resources/ar-2019-005
Trust: 3.2
url:https://applied-risk.com/labs/advisories
Trust: 2.4
url:http://packetstormsecurity.com/files/155272/linear-emerge-e3-access-controller-command-injection.html
Trust: 2.4
url:http://packetstormsecurity.com/files/155255/linear-emerge-e3-1.00-06-card_scan.php-command-injection.html
Trust: 1.9
url:http://packetstormsecurity.com/files/155256/linear-emerge-e3-1.00-06-card_scan_decoder.php-command-injection.html
Trust: 1.8
url:http://packetstormsecurity.com/files/170372/linear-emerge-e3-series-access-controller-command-injection.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-7256
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96911165/
Trust: 0.8
url:https://cisa.gov/known-exploited-vulnerabilities-catalog
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01
Trust: 0.8
url:https://www.exploit-db.com/exploits/47619
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/arpsyndicate/kenzer-templates
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-21274 // 
            
            
            
            VULHUB: VHN-158691 // 
            
            
            
            VULMON: CVE-2019-7256 // 
            
            
            
            JVNDB: JVNDB-2019-005909 // 
            
            
            
            CNNVD: CNNVD-201907-107 // 
            
            
            
            NVD: CVE-2019-7256

CREDITS
LiquidWorm
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-107

SOURCES
db:CNVDid:CNVD-2019-21274
db:VULHUBid:VHN-158691
db:VULMONid:CVE-2019-7256
db:JVNDBid:JVNDB-2019-005909
db:CNNVDid:CNNVD-201907-107
db:NVDid:CVE-2019-7256

LAST UPDATE DATE
2024-08-14T13:55:18.779000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-21274date:2019-07-05T00:00:00
db:VULHUBid:VHN-158691date:2023-03-01T00:00:00
db:VULMONid:CVE-2019-7256date:2023-03-01T00:00:00
db:JVNDBid:JVNDB-2019-005909date:2024-05-31T03:34:00
db:CNNVDid:CNNVD-201907-107date:2023-01-06T00:00:00
db:NVDid:CVE-2019-7256date:2024-08-13T19:20:23.200

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-21274date:2019-07-05T00:00:00
db:VULHUBid:VHN-158691date:2019-07-02T00:00:00
db:VULMONid:CVE-2019-7256date:2019-07-02T00:00:00
db:JVNDBid:JVNDB-2019-005909date:2019-07-04T00:00:00
db:CNNVDid:CNNVD-201907-107date:2019-07-02T00:00:00
db:NVDid:CVE-2019-7256date:2019-07-02T19:15:11.147