Sign-up

ID

VAR-202103-0053


CVE

CVE-2019-5317


TITLE

Aruba Instant Access Point  Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016236

DESCRIPTION

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Aruba Instant Access Point (IAP) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2019-5317 // JVNDB: JVNDB-2019-016236 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2019-5317

AFFECTED PRODUCTS

vendor:arubanetworksmodel:instantscope:gteversion:8.4.0.0

Trust: 1.0

vendor:arubanetworksmodel:instantscope:gteversion:8.3.0.0

Trust: 1.0

vendor:arubanetworksmodel:instantscope:ltversion:6.5.4.16

Trust: 1.0

vendor:arubanetworksmodel:instantscope:gteversion:6.5.0.0

Trust: 1.0

vendor:arubanetworksmodel:instantscope:ltversion:8.5.0.7

Trust: 1.0

vendor:arubanetworksmodel:instantscope:ltversion:8.3.0.12

Trust: 1.0

vendor:arubanetworksmodel:instantscope:gteversion:6.4.0.0

Trust: 1.0

vendor:arubanetworksmodel:instantscope:gteversion:8.5.0.0

Trust: 1.0

vendor:arubanetworksmodel:instantscope:ltversion:8.4.0.6

Trust: 1.0

vendor:arubanetworksmodel:instantscope:lteversion:6.4.4.8-4.2.4.18

Trust: 1.0

vendor:arubanetworksmodel:instantscope:ltversion:8.6.0.3

Trust: 1.0

vendor:arubanetworksmodel:instantscope:gteversion:8.6.0.0

Trust: 1.0

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:6.4.4.8-4.2.4.18 for up to 6.4.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:6.5.4.15 for up to 6.5.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.4.0.5 for up to 8.4.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.3.0.11 for up to 8.3.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion: -

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.5.0.6 for up to 8.5.x

Trust: 0.8

vendor:アルバネットワークス株式会社model:aruba instantscope:eqversion:8.6.0.2 for up to 8.6.x

Trust: 0.8

sources: JVNDB: JVNDB-2019-016236 // NVD: CVE-2019-5317

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-5317
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1622
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-5317
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5317
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2019-5317
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5317
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-5317 // JVNDB: JVNDB-2019-016236 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1622 // NVD: CVE-2019-5317

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016236 // NVD: CVE-2019-5317

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2019-5317

PATCH
title:ARUBA-PSA-2021-007url:https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt
Trust: 0.8
title:Aruba Access Points Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146185
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b1ac2d6b2f8faa082fe9da88ef8fd61d
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5317 // 
            
            
            
            JVNDB: JVNDB-2019-016236 // 
            
            
            
            CNNVD: CNNVD-202103-1622

EXTERNAL IDS
db:NVDid:CVE-2019-5317
Trust: 2.5
db:SIEMENSid:SSA-723417
Trust: 1.7
db:JVNid:JVNVU91051134
Trust: 0.8
db:JVNDBid:JVNDB-2019-016236
Trust: 0.8
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021051407
Trust: 0.6
db:ICS CERTid:ICSA-21-131-14
Trust: 0.6
db:CNNVDid:CNNVD-202103-1622
Trust: 0.6
db:VULMONid:CVE-2019-5317
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5317 // 
            
            
            
            JVNDB: JVNDB-2019-016236 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202103-1622 // 
            
            
            
            NVD: CVE-2019-5317

REFERENCES
url:https://www.arubanetworks.com/assets/alert/aruba-psa-2021-007.txt
Trust: 1.7
url:https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5317
Trust: 1.4
url:https://jvn.jp/vu/jvnvu91051134/
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-14
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021051407
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5317 // 
            
            
            
            JVNDB: JVNDB-2019-016236 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202103-1622 // 
            
            
            
            NVD: CVE-2019-5317

CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202103-1622

SOURCES
db:VULMONid:CVE-2019-5317
db:JVNDBid:JVNDB-2019-016236
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202103-1622
db:NVDid:CVE-2019-5317

LAST UPDATE DATE
2022-05-05T07:04:56.111000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2019-5317date:2021-05-11T00:00:00
db:JVNDBid:JVNDB-2019-016236date:2021-12-06T07:04:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202103-1622date:2021-08-11T00:00:00
db:NVDid:CVE-2019-5317date:2021-05-11T13:15:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2019-5317date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2019-016236date:2021-12-06T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202103-1622date:2021-03-29T00:00:00
db:NVDid:CVE-2019-5317date:2021-03-29T16:15:00