CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exagrid.com/exagrid-products/resources/	Vendor Advisory
https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:exagrid:backup_appliance_firmware:48.1.1044.p50:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:backup_appliance:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-03 19:29

Updated : 2024-02-28 17:08

NVD link : CVE-2019-12310

Mitre link : CVE-2019-12310

CVE.ORG link : CVE-2019-12310

JSON object : View

Products Affected

exagrid

backup_appliance
backup_appliance_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2019-12310", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-06-03T19:29:01.923", "references": [{"url": "https://exagrid.com/exagrid-products/resources/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device."}, {"lang": "es", "value": "Los dispositivos ExaGrid con versi\u00f3n de firmware v4.8.1.1044.P50 tienen una vulnerabilidad de / monitor / data / Upgrade / directory transversal, que permite a los atacantes remotos ver y recuperar informaci\u00f3n de registro detallado. Se observ\u00f3 que los archivos dentro de este directorio conten\u00edan informaci\u00f3n confidencial en tiempo de ejecuci\u00f3n, incluidas las credenciales de \"soporte\" codificadas en Base64, lo que lleva al acceso administrativo del dispositivo."}], "lastModified": "2019-06-04T19:08:47.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:exagrid:backup_appliance_firmware:48.1.1044.p50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E63C15A3-EF92-4EE2-AE84-594A1284BC82"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:exagrid:backup_appliance:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2733CE0F-4616-40CC-9B73-B324E13E3EE8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}