CVE-2019-9529

{"id": "CVE-2019-9529", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-10-10T20:15:11.207", "references": [{"url": "https://kb.cert.org/vuls/id/719689/", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/719689/", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."}, {"lang": "es", "value": "El portal de aplicaciones web del Cobham EXPLORER 710, versi\u00f3n de firmware 1.07, no presenta autenticaci\u00f3n por defecto. Esto podr\u00eda permitir que un atacante local no autenticado conectado al dispositivo acceda al portal y realice cualquier cambio en el dispositivo."}], "lastModified": "2024-11-21T04:51:47.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADA493F5-3AA0-4A1E-81CD-1AE01B9BD4D8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DEF6DB4B-2304-4E4C-92A1-BAF622E39BF1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}