CVE-2019-12804 - OpenCVE

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hunesion	I-onenet

Configuration 1 [-]

OR	cpe:2.3:a:hunesion:i-onenet::::::::
	cpe:2.3:a:hunesion:i-onenet::::::::

No data.

References

Link	Providers
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2019-07-10T19:38:09

Updated: 2024-08-04T23:32:55.511Z

Reserved: 2019-06-13T00:00:00

Link: CVE-2019-12804

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-10T20:15:12.420

Modified: 2023-02-28T17:59:41.257

Link: CVE-2019-12804

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "i-oneNet", "vendor": "Hunesion", "versions": [{"status": "affected", "version": "3.0.7~3.0.53"}, {"status": "affected", "version": "4.0.4~4.0.16"}]}], "descriptions": [{"lang": "en", "value": "In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-353", "description": "CWE-353 Missing Support for Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T19:38:09", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073"}], "source": {"discovery": "UNKNOWN"}, "title": "Hunesion i-oneNet Missing Support for Integrity Check vulnerability", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2019-12804", "STATE": "PUBLIC", "TITLE": "Hunesion i-oneNet Missing Support for Integrity Check vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "i-oneNet", "version": {"version_data": [{"version_name": "3.0", "version_value": "3.0.7~3.0.53"}, {"version_name": "4.0", "version_value": "4.0.4~4.0.16"}]}}]}, "vendor_name": "Hunesion"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-353 Missing Support for Integrity Check"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073", "refsource": "CONFIRM", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2019-12804", "datePublished": "2019-07-10T19:38:09", "dateReserved": "2019-06-13T00:00:00", "dateUpdated": "2024-08-04T23:32:55.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hunesion:i-onenet:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7342CC1-2360-4463-9CFE-41CD69D711D8", "versionEndIncluding": "3.0.53", "versionStartIncluding": "3.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hunesion:i-onenet:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A5A2F68-24D6-4E66-81DB-AC0E320079ED", "versionEndIncluding": "4.0.16", "versionStartIncluding": "4.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update."}, {"lang": "es", "value": "En Hunesion i-oneNet versiones 3.0.7 hasta 3.0.53 y 4.0.4 hasta 4.0.16, debido a la falta de comprobaci\u00f3n de la integridad del archivo de actualizaci\u00f3n en el proceso de actualizaci\u00f3n, un atacante puede dise\u00f1ar un archivo malicioso y usarlo como una actualizaci\u00f3n."}], "id": "CVE-2019-12804", "lastModified": "2023-02-28T17:59:41.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-10T20:15:12.420", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-353"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}