Sign-up

ID

VAR-201911-1312


CVE

CVE-2019-15800


TITLE

Zyxel GS1900 Vulnerability related to input validation in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-012183

DESCRIPTION

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.). Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. A security vulnerability exists in Zyxel GS1900 using firmware version 2.50 (AAHH.0) prior to C0, which is due to missing input in the 'cmd_sys_traceroute_exec()', 'cmd_sys_arp_clear()', and 'cmd_sys_ping_exec()' functions in the libclicmd.so library Verification check. An attacker could exploit this vulnerability to execute arbitrary code on the switch

Trust: 2.16

sources: NVD: CVE-2019-15800 // JVNDB: JVNDB-2019-012183 // CNVD: CNVD-2019-41672

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41672

AFFECTED PRODUCTS

vendor:zyxelmodel:gs1900-24escope:ltversion:2.50\(aahk.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-24scope:ltversion:2.50\(aahl.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-24hpscope:ltversion:2.50\(aahm.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.50\(aazi.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-16scope:ltversion:2.50\(aahj.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-48hpscope:ltversion:2.50\(aaho.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-8scope:ltversion:2.50\(aahh.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-8hpscope:ltversion:2.50\(aahi.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-48scope:ltversion:2.50\(aahn.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-16scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24escope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-48scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-48hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-8scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-8hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900 <2.50 c0scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41672 // JVNDB: JVNDB-2019-012183 // NVD: CVE-2019-15800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15800
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15800
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-41672
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-992
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15800
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41672
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15800
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15800
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41672 // JVNDB: JVNDB-2019-012183 // CNNVD: CNNVD-201911-992 // NVD: CVE-2019-15800

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-012183 // NVD: CVE-2019-15800

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-992

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201911-992

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012183

PATCH
title:Zyxel security advisory for GS1900 switch vulnerabilitiesurl:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
Trust: 0.8
title:Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41672)url:https://www.cnvd.org.cn/patchInfo/show/191499
Trust: 0.6
title:ZyXEL GS1900 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103376
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41672 // 
            
            
            
            JVNDB: JVNDB-2019-012183 // 
            
            
            
            CNNVD: CNNVD-201911-992

EXTERNAL IDS
db:NVDid:CVE-2019-15800
Trust: 3.0
db:JVNDBid:JVNDB-2019-012183
Trust: 0.8
db:CNVDid:CNVD-2019-41672
Trust: 0.6
db:CNNVDid:CNNVD-201911-992
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41672 // 
            
            
            
            JVNDB: JVNDB-2019-012183 // 
            
            
            
            CNNVD: CNNVD-201911-992 // 
            
            
            
            NVD: CVE-2019-15800

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15800
Trust: 2.0
url:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html
Trust: 1.6
url:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15800
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-41672 // 
            
            
            
            JVNDB: JVNDB-2019-012183 // 
            
            
            
            CNNVD: CNNVD-201911-992 // 
            
            
            
            NVD: CVE-2019-15800

SOURCES
db:CNVDid:CNVD-2019-41672
db:JVNDBid:JVNDB-2019-012183
db:CNNVDid:CNNVD-201911-992
db:NVDid:CVE-2019-15800

LAST UPDATE DATE
2024-11-23T23:08:12.662000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41672date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012183date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-992date:2020-09-02T00:00:00
db:NVDid:CVE-2019-15800date:2024-11-21T04:29:29.487

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41672date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012183date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-992date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15800date:2019-11-14T21:15:11.687