Sign-up

ID

VAR-201908-0830


CVE

CVE-2019-1839


TITLE

Cisco Remote PHY Vulnerability related to input validation in device software

Trust: 0.8

sources: JVNDB: JVNDB-2019-008756

DESCRIPTION

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. The following products and versions are affected: Cisco Remote PHY 120 prior to 6.4, Remote PHY 220 prior to 3.1, and Remote PHY Shelf 7200 prior to 1.2

Trust: 1.8

sources: NVD: CVE-2019-1839 // JVNDB: JVNDB-2019-008756 // VULHUB: VHN-150731 // VULMON: CVE-2019-1839

AFFECTED PRODUCTS

vendor:ciscomodel:remote phy shelf 7200scope:ltversion:1.2

Trust: 1.0

vendor:ciscomodel:cbr-8scope:eqversion:1.1

Trust: 1.0

vendor:ciscomodel:remote phy 220scope:ltversion:3.1

Trust: 1.0

vendor:ciscomodel:cbr-8scope:eqversion:6.1

Trust: 1.0

vendor:ciscomodel:cbr-8scope:eqversion:6.2

Trust: 1.0

vendor:ciscomodel:remote phy 120scope:ltversion:6.4

Trust: 1.0

vendor:ciscomodel:cbr-8scope: - version: -

Trust: 0.8

vendor:ciscomodel:remote phy 120scope: - version: -

Trust: 0.8

vendor:ciscomodel:remote phy 220scope: - version: -

Trust: 0.8

vendor:ciscomodel:remote phy shelf 7200scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008756 // NVD: CVE-2019-1839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1839
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1839
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1839
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1659
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150731
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1839
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1839
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-150731
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1839
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1839
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150731 // VULMON: CVE-2019-1839 // JVNDB: JVNDB-2019-008756 // CNNVD: CNNVD-201908-1659 // NVD: CVE-2019-1839 // NVD: CVE-2019-1839

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-150731 // JVNDB: JVNDB-2019-008756 // NVD: CVE-2019-1839

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1659

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-1659

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008756

PATCH
title:cisco-sa-20190821-rphyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-rphy
Trust: 0.8
title:Cisco Remote PHY Device Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97721
Trust: 0.6
title:Cisco: Cisco Remote PHY Device Software Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190821-rphy
Trust: 0.1
title: - url:https://github.com/ExpLangcn/FuYao-Go 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1839 // 
            
            
            
            JVNDB: JVNDB-2019-008756 // 
            
            
            
            CNNVD: CNNVD-201908-1659

EXTERNAL IDS
db:NVDid:CVE-2019-1839
Trust: 2.6
db:JVNDBid:JVNDB-2019-008756
Trust: 0.8
db:CNNVDid:CNNVD-201908-1659
Trust: 0.7
db:AUSCERTid:ESB-2019.3203
Trust: 0.6
db:VULHUBid:VHN-150731
Trust: 0.1
db:VULMONid:CVE-2019-1839
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150731 // 
            
            
            
            VULMON: CVE-2019-1839 // 
            
            
            
            JVNDB: JVNDB-2019-008756 // 
            
            
            
            CNNVD: CNNVD-201908-1659 // 
            
            
            
            NVD: CVE-2019-1839

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-rphy
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1839
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1839
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.3203/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-150731 // 
            
            
            
            JVNDB: JVNDB-2019-008756 // 
            
            
            
            CNNVD: CNNVD-201908-1659 // 
            
            
            
            NVD: CVE-2019-1839

SOURCES
db:VULHUBid:VHN-150731
db:VULMONid:CVE-2019-1839
db:JVNDBid:JVNDB-2019-008756
db:CNNVDid:CNNVD-201908-1659
db:NVDid:CVE-2019-1839

LAST UPDATE DATE
2024-11-23T23:04:43.708000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150731date:2020-10-16T00:00:00
db:VULMONid:CVE-2019-1839date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-008756date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-1659date:2020-10-19T00:00:00
db:NVDid:CVE-2019-1839date:2024-11-21T04:37:30.377

SOURCES RELEASE DATE
db:VULHUBid:VHN-150731date:2019-08-21T00:00:00
db:VULMONid:CVE-2019-1839date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008756date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-1659date:2019-08-21T00:00:00
db:NVDid:CVE-2019-1839date:2019-08-21T19:15:14.153