8.8
CVE-2019-17219
- EPSS 0.1%
- Veröffentlicht 06.10.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vzug ≫ Combi-stream Mslq Firmware Version < ethernet_r07
Vzug ≫ Combi-stream Mslq Firmware Version < wlan_r05
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.245 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.8 | 6.5 | 6.4 |
AV:A/AC:L/Au:N/C:P/I:P/A:P
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.