CVE-2019-16110

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://sigint.sh/#/cve-2019-16110	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:blade-group:shadow:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-14 17:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-16110

Mitre link : CVE-2019-16110

CVE.ORG link : CVE-2019-16110

JSON object : View

Products Affected

blade-group

shadow

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-16110", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-11-14T17:15:24.913", "references": [{"url": "https://sigint.sh/#/cve-2019-16110", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream."}, {"lang": "es", "value": "El protocolo de red de Blade Shadow, versiones hasta la versi\u00f3n 2.13.3, permite a los atacantes remotos tomar el control de una instancia Shadow y ejecutar c\u00f3digo arbitrario solo conociendo la direcci\u00f3n IP de la v\u00edctima, porque los datos del paquete pueden ser inyectados en el flujo de paquetes UDP no cifrados."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blade-group:shadow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C781D189-81A7-4CE6-ADC0-D9B6E4DDF53C", "versionEndIncluding": "2.13.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}