CVE-2019-15015 - OpenCVE

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zingbox	Inspector

Configuration 1 [-]

cpe:2.3:a:zingbox:inspector:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2019-15015

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2019-10-09T20:20:28

Updated: 2024-08-05T00:34:52.975Z

Reserved: 2019-08-13T00:00:00

Link: CVE-2019-15015

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-09T21:15:12.680

Modified: 2023-02-04T00:18:23.647

Link: CVE-2019-15015

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Palo Alto Networks Zingbox Inspector", "vendor": "n/a", "versions": [{"status": "affected", "version": "Zingbox Inspector, versions 1.294 and earlier."}]}], "descriptions": [{"lang": "en", "value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."}], "problemTypes": [{"descriptions": [{"description": "Use of Hard-coded Credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T16:03:47", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2019-15015"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "ID": "CVE-2019-15015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Palo Alto Networks Zingbox Inspector", "version": {"version_data": [{"version_value": "Zingbox Inspector, versions 1.294 and earlier."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2019-15015", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2019-15015"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:52.975Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2019-15015"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2019-15015", "datePublished": "2019-10-09T20:20:28", "dateReserved": "2019-08-13T00:00:00", "dateUpdated": "2024-08-05T00:34:52.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zingbox:inspector:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B80B554-4953-4738-8DBE-AD1BAC6C7254", "versionEndIncluding": "1.294", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system."}, {"lang": "es", "value": "En Zingbox Inspector, versiones 1.294 y anteriores, las credenciales embebidas para las cuentas de usuario root e inspector est\u00e1n presentes en el software del sistema, lo que puede resultar en que usuarios no autorizados consigan acceso al sistema."}], "id": "CVE-2019-15015", "lastModified": "2023-02-04T00:18:23.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T21:15:12.680", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Third Party Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2019-15015"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}