CVE-2019-3914 - OpenCVE

Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Verizon	Fios Quantum Gateway G1100 Fios Quantum Gateway G1100 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*

cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2019-17

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2019-04-11T13:53:37

Updated: 2024-08-04T19:26:27.491Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3914

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-11T14:29:00.233

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-3914

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fios Quantum Gateway (G1100)", "vendor": "Verizon", "versions": [{"status": "affected", "version": "Firmware version 02.01.00.05"}]}], "datePublic": "2019-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."}], "problemTypes": [{"descriptions": [{"description": "Authenticated Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-11T13:53:37", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3914", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fios Quantum Gateway (G1100)", "version": {"version_data": [{"version_value": "Firmware version 02.01.00.05"}]}}]}, "vendor_name": "Verizon"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authenticated Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2019-17", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-17"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:26:27.491Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2019-17"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3914", "datePublished": "2019-04-11T13:53:37", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E81990A-78BF-4045-ABF7-3F0C97442093", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*", "matchCriteriaId": "5FC5F8E3-3B4B-4305-B259-050F54FBF11F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de comandos remota en Fios Quantum Gateway (G1100) de Verizon versi\u00f3n de firmware 02.01.00.05, permite a un atacante remoto autenticado ejecutar comandos arbitrarios en el dispositivo de destino mediante la incorporaci\u00f3n de una regla de control de acceso para un objeto de red con un nombre de host creado."}], "id": "CVE-2019-3914", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-11T14:29:00.233", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-17"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}