CVE-2019-6962 - Vulnerability Details - OpenCVE

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00483.

Key SSVC decision points have not yet been added.

Vendors	Products
Rdkcentral	Rdkb Ccsppandm

Configuration 1 [-]

cpe:2.3:a:rdkcentral:rdkb_ccsppandm:rdkb-20181217-1:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-20T13:45:51

Updated: 2024-08-04T20:31:04.245Z

Reserved: 2019-01-25T00:00:00

Link: CVE-2019-6962

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-20T14:15:11.110

Modified: 2024-11-21T04:47:18.713

Link: CVE-2019-6962

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-20T13:45:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6962", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open", "refsource": "MISC", "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:04.245Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6962", "datePublished": "2019-06-20T13:45:51", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.245Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rdkcentral:rdkb_ccsppandm:rdkb-20181217-1:*:*:*:*:*:*:*", "matchCriteriaId": "2733315D-DC18-4435-AF7B-5BB9DA39C6DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module."}, {"lang": "es", "value": "Un problema de inyecci\u00f3n de shell en el m\u00f3dulo cosa_wifi_apis.c en el RDK RDKB-20181217-1 CcspWifiAgent permite a los atacantes con credenciales de inicio de sesi\u00f3n ejecutar comandos de shell arbitrarios bajo el proceso CcspWifiSsp (ejecut\u00e1ndose como root) si la plataforma se compil\u00f3 con la macro ENABLE_FEATURE_MESHWIFI. El ataque se lleva a cabo cambiando la contrase\u00f1a de la red Wi-Fi para incluir caracteres de escape dise\u00f1ados. Esto est\u00e1 relacionado con el m\u00f3dulo WebUI."}], "id": "CVE-2019-6962", "lastModified": "2024-11-21T04:47:18.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-20T14:15:11.110", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}