CVE-2019-14474

Exploit

EPSS 0.22%
Veröffentlicht 07.08.2019 18:15:13
Zuletzt bearbeitet 21.11.2024 04:26:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can start this attack too.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eq-3 ≫ Ccu3 Firmware Version <= 3.47.15

Eq-3 ≫ Ccu3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.414

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://psytester.github.io/CVE-2019-14474

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-14474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14474

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-14474