Details of VAR-201911-1311

ID

VAR-201911-1311

CVE

CVE-2019-15799

TITLE

Zyxel GS1900 Vulnerability related to privilege management in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-012187

DESCRIPTION

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password

Trust: 2.16

sources: NVD: CVE-2019-15799 // JVNDB: JVNDB-2019-012187 // CNVD: CNVD-2019-41667

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-41667

AFFECTED PRODUCTS

vendor:	zyxel	model:	gs1900-8	scope:	eq	version:	-	Trust: 1.2
vendor:	zyxel	model:	gs1900-8hp	scope:	eq	version:	-	Trust: 1.2
vendor:	zyxel	model:	gs1900-10hp	scope:	eq	version:	-	Trust: 1.2
vendor:	zyxel	model:	gs1900-24e	scope:	lt	version:	2.50\(aahk.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-24	scope:	lt	version:	2.50\(aahl.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-24hp	scope:	lt	version:	2.50\(aahm.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-10hp	scope:	lt	version:	2.50\(aazi.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-16	scope:	lt	version:	2.50\(aahj.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-48hp	scope:	lt	version:	2.50\(aaho.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-8	scope:	lt	version:	2.50\(aahh.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-8hp	scope:	lt	version:	2.50\(aahi.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-48	scope:	lt	version:	2.50\(aahn.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1900-10hp	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-16	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-24	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-24e	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-24hp	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-48	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-48hp	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-8	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900-8hp	scope:	lt	version:	2.50(aahh.0)c0	Trust: 0.8
vendor:	zyxel	model:	gs1900 <2.50 c0	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	gs1900-8	scope:	eq	version:	2.40	Trust: 0.6
vendor:	zyxel	model:	gs1900-16	scope:	eq	version:	-	Trust: 0.6
vendor:	zyxel	model:	gs1900-8hp	scope:	eq	version:	2.40	Trust: 0.6
vendor:	zyxel	model:	gs1900-10hp	scope:	eq	version:	2.40	Trust: 0.6

sources: CNVD: CNVD-2019-41667 // JVNDB: JVNDB-2019-012187 // CNNVD: CNNVD-201911-991 // NVD: CVE-2019-15799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15799
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15799
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-41667
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201911-991
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-15799
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41667
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15799
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15799
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-41667 // JVNDB: JVNDB-2019-012187 // CNNVD: CNNVD-201911-991 // NVD: CVE-2019-15799

PROBLEMTYPE DATA

problemtype:

CWE-269

Trust: 1.8

sources: JVNDB: JVNDB-2019-012187 // NVD: CVE-2019-15799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-991

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-991

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012187

PATCH

title:	Zyxel security advisory for GS1900 switch vulnerabilities	url:	https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml	Trust: 0.8
title:	Patch for Unknown vulnerabilities in ZyXEL GS1900	url:	https://www.cnvd.org.cn/patchInfo/show/191511	Trust: 0.6
title:	ZyXEL GS1900 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102961	Trust: 0.6

sources: CNVD: CNVD-2019-41667 // JVNDB: JVNDB-2019-012187 // CNNVD: CNNVD-201911-991

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15799	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012187	Trust: 0.8
db:	CNVD	id:	CNVD-2019-41667	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-991	Trust: 0.6

sources: CNVD: CNVD-2019-41667 // JVNDB: JVNDB-2019-012187 // CNNVD: CNNVD-201911-991 // NVD: CVE-2019-15799

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-15799	Trust: 2.0
url:	https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html	Trust: 1.6
url:	https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml	Trust: 1.6
url:	https://vimeo.com/354726424	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15799	Trust: 0.8

sources: CNVD: CNVD-2019-41667 // JVNDB: JVNDB-2019-012187 // CNNVD: CNNVD-201911-991 // NVD: CVE-2019-15799

SOURCES

db:	CNVD	id:	CNVD-2019-41667
db:	JVNDB	id:	JVNDB-2019-012187
db:	CNNVD	id:	CNNVD-201911-991
db:	NVD	id:	CVE-2019-15799

LAST UPDATE DATE

2024-11-23T22:58:28.526000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-41667	date:	2019-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-012187	date:	2019-11-27T00:00:00
db:	CNNVD	id:	CNNVD-201911-991	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2019-15799	date:	2024-11-21T04:29:29.333

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-41667	date:	2019-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-012187	date:	2019-11-27T00:00:00
db:	CNNVD	id:	CNNVD-201911-991	date:	2019-11-14T00:00:00
db:	NVD	id:	CVE-2019-15799	date:	2019-11-14T21:15:11.623