CVE-2019-20697 - OpenCVE

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Gs728tpp Firmware Gs728tp Gs752tp Gs728tpp Gs750e Firmware Gs750e Gs728tp Firmware Gs752tp Firmware Gs752tpp Firmware Gs752tpp

Configuration 1 [-]

AND

cpe:2.3:o:netgear:gs728tpp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs728tpp:v2:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:gs728tp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs728tp:v2:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:gs750e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs750e:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:gs752tpp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs752tpp:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:gs752tp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs752tp:v2:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-16T14:33:33

Updated: 2020-04-16T14:33:33

Reserved: 2020-04-15T00:00:00

Link: CVE-2019-20697

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-16T19:15:23.760

Modified: 2020-04-22T14:20:45.060

Link: CVE-2019-20697

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:L/I:L/PR:N/S:C/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-16T14:33:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20697", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:L/I:L/PR:N/S:C/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066", "refsource": "CONFIRM", "url": "https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20697", "datePublished": "2020-04-16T14:33:33", "dateReserved": "2020-04-15T00:00:00", "dateUpdated": "2020-04-16T14:33:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs728tpp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2653FD-09E5-4538-981C-B0DB9D8F0CE8", "versionEndExcluding": "6.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs728tpp:v2:*:*:*:*:*:*:*", "matchCriteriaId": "FC4DE9FB-CAD5-45F9-A11C-1C20EE2FF3A1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs728tp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE90F6B4-5E72-4EC9-97E3-59D265B0A228", "versionEndExcluding": "6.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs728tp:v2:*:*:*:*:*:*:*", "matchCriteriaId": "7126D4F8-2E3C-478B-9BD2-8055DFB48D8D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs750e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "280C5BF4-B929-4853-B991-4E83A92C1E17", "versionEndExcluding": "1.0.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs750e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A56285CF-1BD8-4BB5-AC9C-9EDDFCFC9E5C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs752tpp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B097324-51FF-4ACB-A53B-B88B16AD4F61", "versionEndExcluding": "6.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs752tpp:-:*:*:*:*:*:*:*", "matchCriteriaId": "995D8E9F-7AE6-4A17-A728-7190FB2CE8BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs752tp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CD1D35-E150-44B0-9565-353ACC1BA92B", "versionEndExcluding": "6.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs752tp:v2:*:*:*:*:*:*:*", "matchCriteriaId": "CDD4D404-9A22-408B-89CF-5107B809CB90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por parte de un atacante no autenticado. Esto afecta a GS728TPPv2 versiones anteriores a 6.0.0.48, GS728TPv2 versiones anteriores a 6.0.0.48, GS750E versiones anteriores a 1.0.1.4, GS752TPP versiones anteriores a 6.0.0.48, y GS752TPv2 versiones anteriores a 6.0.0.48."}], "id": "CVE-2019-20697", "lastModified": "2020-04-22T14:20:45.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.3, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-16T19:15:23.760", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}