CVE-2019-5017

EPSS 0.38%
Veröffentlicht 17.06.2019 21:15:09
Zuletzt bearbeitet 21.11.2024 04:44:11
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ R8000 Firmware Version1.0.4.28_10.1.54

Netgear ≫ R8000 Version-

Kcodes ≫ Netusb.Ko Version1.0.2.66

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.586

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
talos-cna@cisco.com	5.8	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/108827

Broken Link

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5017

EUVD