CVE-2019-9530 - OpenCVE

The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cobham	Explorer 710 Explorer 710 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*

cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.cert.org/vuls/id/719689/

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2019-10-10T20:09:47.669417Z

Updated: 2024-09-16T17:14:11.909Z

Reserved: 2019-03-01T00:00:00

Link: CVE-2019-9530

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-10T20:15:11.270

Modified: 2021-10-26T20:17:51.297

Link: CVE-2019-9530

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Explorer 710", "vendor": "Cobham plc", "versions": [{"status": "affected", "version": "1.07"}]}], "credits": [{"lang": "en", "value": "This issue was found by Kyle O'Meara and David Belasco."}], "datePublic": "2019-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-10T20:09:47", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#719689", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/719689/"}], "source": {"discovery": "UNKNOWN"}, "title": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2019-10-09T04:00:00.000Z", "ID": "CVE-2019-9530", "STATE": "PUBLIC", "TITLE": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Explorer 710", "version": {"version_data": [{"version_affected": "=", "version_name": "1.07", "version_value": "1.07"}]}}]}, "vendor_name": "Cobham plc"}]}}, "credit": [{"lang": "eng", "value": "This issue was found by Kyle O'Meara and David Belasco."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "VU#719689", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/719689/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:44.562Z"}, "title": "CVE Program Container", "references": [{"name": "VU#719689", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://kb.cert.org/vuls/id/719689/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9530", "datePublished": "2019-10-10T20:09:47.669417Z", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-09-16T17:14:11.909Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "ADA493F5-3AA0-4A1E-81CD-1AE01B9BD4D8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEF6DB4B-2304-4E4C-92A1-BAF622E39BF1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."}, {"lang": "es", "value": "El directorio root web del Cobham EXPLORER 710, versi\u00f3n de firmware 1.07, no presenta restricciones de acceso para descargar y leer todos los archivos. Esto podr\u00eda permitir que un atacante local no autenticado conectado al dispositivo acceda y descargue cualquier archivo encontrado en el directorio root web."}], "id": "CVE-2019-9530", "lastModified": "2021-10-26T20:17:51.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-10T20:15:11.270", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/719689/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cret@cert.org", "type": "Secondary"}]}