CVE-2019-19941

{"id": "CVE-2019-19941", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-03-16T16:15:12.250", "references": [{"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.swisscom.ch/en/residential/help/device/internet-router.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.swisscom.ch/en/residential/help/device/internet-router.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS."}, {"lang": "es", "value": "Una falta de comprobaci\u00f3n de nombre de host en Swisscom Centro Grande versiones anteriores a 6.16.12, permite a un atacante remoto inyectar su direcci\u00f3n IP local como una entrada de dominio en el servicio DNS del enrutador por medio de nombres de host dise\u00f1ados en peticiones DHCP, causando un ataque de tipo XSS."}], "lastModified": "2024-11-21T04:35:42.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisscom:centro_grande_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E8E8E27-0B4A-4CB9-9E1A-A219F59DFC1C", "versionEndExcluding": "6.14.06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisscom:centro_grande:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66E1FEB3-60B0-4394-9953-2B8D238174D7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}