Sign-up

ID

VAR-201907-0163


CVE

CVE-2019-7262


TITLE

Linear eMerge E3  Cross-site request forgery vulnerability in series devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005915

DESCRIPTION

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). (DoS) It may be in a state. Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Trust: 1.71

sources: NVD: CVE-2019-7262 // JVNDB: JVNDB-2019-005915 // VULHUB: VHN-158697

AFFECTED PRODUCTS

vendor:nortekcontrolmodel:linear emerge essentialscope:lteversion:1.00-06

Trust: 1.0

vendor:nortekcontrolmodel:linear emerge elitescope:lteversion:1.00-06

Trust: 1.0

vendor:nortekmodel:linear emerge elitescope: - version: -

Trust: 0.8

vendor:nortekmodel:linear emerge essentialscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-005915 // NVD: CVE-2019-7262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7262
value: HIGH

Trust: 1.0

NVD: CVE-2019-7262
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-099
value: HIGH

Trust: 0.6

VULHUB: VHN-158697
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7262
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158697
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7262
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-7262
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158697 // JVNDB: JVNDB-2019-005915 // CNNVD: CNNVD-201907-099 // NVD: CVE-2019-7262

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.1

problemtype:Cross-site request forgery (CWE-352) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-158697 // JVNDB: JVNDB-2019-005915 // NVD: CVE-2019-7262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-099

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-099

PATCH

title:eMerge E3-Series Access Controlurl:https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-005915

EXTERNAL IDS

db:NVDid:CVE-2019-7262

Trust: 3.3

db:PACKETSTORMid:155263

Trust: 1.7

db:ICS CERTid:ICSA-24-065-01

Trust: 0.8

db:JVNid:JVNVU96911165

Trust: 0.8

db:JVNDBid:JVNDB-2019-005915

Trust: 0.8

db:CNNVDid:CNNVD-201907-099

Trust: 0.7

db:EXPLOIT-DBid:47620

Trust: 0.6

db:VULHUBid:VHN-158697

Trust: 0.1

sources: VULHUB: VHN-158697 // JVNDB: JVNDB-2019-005915 // CNNVD: CNNVD-201907-099 // NVD: CVE-2019-7262

REFERENCES

url:https://www.applied-risk.com/resources/ar-2019-005

Trust: 2.5

url:http://packetstormsecurity.com/files/155263/nortek-linear-emerge-e3-access-control-cross-site-request-forgery.html

Trust: 1.7

url:https://applied-risk.com/labs/advisories

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-7262

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96911165/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01

Trust: 0.8

url:https://www.exploit-db.com/exploits/47620

Trust: 0.6

sources: VULHUB: VHN-158697 // JVNDB: JVNDB-2019-005915 // CNNVD: CNNVD-201907-099 // NVD: CVE-2019-7262

CREDITS

LiquidWorm

Trust: 0.6

sources: CNNVD: CNNVD-201907-099

SOURCES

db:VULHUBid:VHN-158697
db:JVNDBid:JVNDB-2019-005915
db:CNNVDid:CNNVD-201907-099
db:NVDid:CVE-2019-7262

LAST UPDATE DATE

2024-08-14T13:55:18.683000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-158697date:2019-11-12T00:00:00
db:JVNDBid:JVNDB-2019-005915date:2024-03-07T08:28:00
db:CNNVDid:CNNVD-201907-099date:2019-11-13T00:00:00
db:NVDid:CVE-2019-7262date:2022-10-14T01:14:27.337

SOURCES RELEASE DATE

db:VULHUBid:VHN-158697date:2019-07-02T00:00:00
db:JVNDBid:JVNDB-2019-005915date:2019-07-04T00:00:00
db:CNNVDid:CNNVD-201907-099date:2019-07-02T00:00:00
db:NVDid:CVE-2019-7262date:2019-07-02T18:15:12.143