CVE-2019-19898 - OpenCVE

In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ixpdata	Easyinstall

Configuration 1 [-]

cpe:2.3:a:ixpdata:easyinstall:6.2.13723:*:*:*:*:*:*:*

References

Link	Resource
https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-23T20:54:30

Updated: 2020-01-23T20:54:30

Reserved: 2019-12-18T00:00:00

Link: CVE-2019-19898

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-23T21:15:12.913

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-19898

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-23T20:54:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", "refsource": "MISC", "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19898", "datePublished": "2020-01-23T20:54:30", "dateReserved": "2019-12-18T00:00:00", "dateUpdated": "2020-01-23T20:54:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ixpdata:easyinstall:6.2.13723:*:*:*:*:*:*:*", "matchCriteriaId": "2DB7A52C-78F3-413E-BD11-B69BACCFC4C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely."}, {"lang": "es", "value": "En IXP EasyInstall versi\u00f3n 6.2.13723, se presentan credenciales en texto plano en la comunicaci\u00f3n de red sobre el puerto TCP 20050 cuando se usa la consola de Administrador remotamente."}], "id": "CVE-2019-19898", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-23T21:15:12.913", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}