ID

VAR-202004-0908


CVE

CVE-2019-20699


TITLE

Classic buffer overflow vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015399

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow exploitable by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15. A classic buffer overflow vulnerability exists in multiple NETGEAR devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR GS105E and the other listed products are all NETGEAR switches. The vulnerability stems from the network system or product performing an operation on memory without correctly verifying data boundaries, resulting in incorrect read and write operations to other associated memory locations.

Trust: 2.16

sources: NVD: CVE-2019-20699 // JVNDB: JVNDB-2019-015399 // CNVD: CNVD-2020-30762

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30762

AFFECTED PRODUCTS

vendor: netgear, model: gs105pe, scope: lt, version: 1.6.0.4

Trust: 1.6

vendor: netgear, model: gs408epp, scope: lt, version: 1.0.0.15

Trust: 1.6

vendor: netgear, model: gs808e, scope: lt, version: 1.7.0.7

Trust: 1.6

vendor: netgear, model: gs908e, scope: lt, version: 1.7.0.3

Trust: 1.6

vendor: netgear, model: gss108e, scope: lt, version: 1.6.0.4

Trust: 1.6

vendor: netgear, model: gss108epp, scope: lt, version: 1.0.0.15

Trust: 1.6

vendor: netgear, model: gs105e, scope: lt, version: 1.6.0.4

Trust: 1.0

vendor: netgear, model: gs105e, scope: eq, version: 1.6.0.4

Trust: 0.8

vendor: netgear, model: gs105pe prosafe plus switch, scope: eq, version: 1.6.0.4

Trust: 0.8

vendor: netgear, model: gs408epp, scope: eq, version: 1.0.0.15

Trust: 0.8

vendor: netgear, model: gs808e, scope: eq, version: 1.7.0.7

Trust: 0.8

vendor: netgear, model: gs908e, scope: eq, version: 1.7.0.3

Trust: 0.8

vendor: netgear, model: gss108e, scope: eq, version: 1.6.0.4

Trust: 0.8

vendor: netgear, model: gss108epp, scope: eq, version: 1.0.0.15

Trust: 0.8

vendor: netgear, model: gs105ev2, scope: lt, version: 1.6.0.4

Trust: 0.6

sources: CNVD: CNVD-2020-30762 // JVNDB: JVNDB-2019-015399 // NVD: CVE-2019-20699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20699
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2019-20699
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015399
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-30762
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1283
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-20699
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015399
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-30762
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20699
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20699
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015399
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-30762 // JVNDB: JVNDB-2019-015399 // CNNVD: CNNVD-202004-1283 // NVD: CVE-2019-20699 // NVD: CVE-2019-20699

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-015399 // NVD: CVE-2019-20699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1283

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1283

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015399

PATCH

title: Security Advisory for Pre-Authentication Buffer Overflow on Some Switches, PSV-2018-0538
url: https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538

Trust: 0.8

title: Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-30762)
url: https://www.cnvd.org.cn/patchInfo/show/219497

Trust: 0.6

title: Multiple NETGEAR Product Buffer Error Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116554

Trust: 0.6

sources: CNVD: CNVD-2020-30762 // JVNDB: JVNDB-2019-015399 // CNNVD: CNNVD-202004-1283

EXTERNAL IDS

db: NVD, id: CVE-2019-20699

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015399

Trust: 0.8

db: CNVD, id: CNVD-2020-30762

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1283

Trust: 0.6

sources: CNVD: CNVD-2020-30762 // JVNDB: JVNDB-2019-015399 // CNNVD: CNNVD-202004-1283 // NVD: CVE-2019-20699

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-20699

Trust: 2.0

url: https://kb.netgear.com/000061230/security-advisory-for-pre-authentication-buffer-overflow-on-some-switches-psv-2018-0538

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20699

Trust: 0.8

sources: CNVD: CNVD-2020-30762 // JVNDB: JVNDB-2019-015399 // CNNVD: CNNVD-202004-1283 // NVD: CVE-2019-20699

CREDITS

nstarke

Trust: 0.6

sources: CNNVD: CNNVD-202004-1283

SOURCES

db: CNVD, id: CNVD-2020-30762
db: JVNDB, id: JVNDB-2019-015399
db: CNNVD, id: CNNVD-202004-1283
db: NVD, id: CVE-2019-20699

LAST UPDATE DATE

2024-11-23T22:44:36.709000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-30762, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015399, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1283, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2019-20699, date: 2024-11-21T04:39:06.857

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-30762, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015399, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1283, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2019-20699, date: 2020-04-16T19:15:23.900