CVE-2019-5319 - OpenCVE

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Scalance W1750d Firmware Scalance W1750d
Arubanetworks	Instant

Configuration 1 [-]

OR	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::
	cpe:2.3:o:arubanetworks:instant::::::::

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf	Patch Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2021-03-30T01:45:47

Updated: 2021-05-11T12:06:42

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5319

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-30T02:15:16.093

Modified: 2022-10-07T01:06:26.517

Link: CVE-2019-5319

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"containers": {"cna": {"affected": [{"product": "Aruba Instant Access Points", "vendor": "n/a", "versions": [{"status": "affected", "version": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"}, {"status": "affected", "version": "Aruba Instant 6.5.x: 6.5.4.16 and below"}, {"status": "affected", "version": "Aruba Instant 8.3.x: 8.3.0.12 and below"}, {"status": "affected", "version": "Aruba Instant 8.5.x: 8.5.0.6 and below"}, {"status": "affected", "version": "Aruba Instant 8.6.x: 8.6.0.2 and below"}]}], "descriptions": [{"lang": "en", "value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."}], "problemTypes": [{"descriptions": [{"description": "remote buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-11T12:06:42", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-5319", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba Instant Access Points", "version": {"version_data": [{"version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below"}, {"version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below"}, {"version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below"}, {"version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below"}, {"version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote buffer overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-5319", "datePublished": "2021-03-30T01:45:47", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2021-05-11T12:06:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "matchCriteriaId": "594125E5-3B50-4D78-A36E-377D637E3F7B", "versionEndIncluding": "6.4.4.8-4.2.4.17", "versionStartIncluding": "6.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "matchCriteriaId": "737C67B1-4A51-49A9-B0D6-B27DDD184AD4", "versionEndExcluding": "6.5.4.17", "versionStartIncluding": "6.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "matchCriteriaId": "53DD06C6-1746-4961-AABE-D92147A10859", "versionEndExcluding": "8.3.0.13", "versionStartIncluding": "8.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "matchCriteriaId": "50EFCD61-95EA-4D50-9EB4-8CB11C849962", "versionEndExcluding": "8.5.0.7", "versionStartIncluding": "8.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*", "matchCriteriaId": "62E74FC3-5F40-4ACE-8B83-BE28BC92AB1E", "versionEndExcluding": "8.6.0.3", "versionStartIncluding": "8.6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D7126AE-7675-4607-A81C-F5D0DA2CF3F8", "versionEndExcluding": "8.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer remoto en algunos productos Aruba Instant Access Point (IAP) en versiones: Aruba Instant versiones 6.4.x: 6.4.4.8-4.2.4.17 y anteriores; Aruba Instant versiones 6.5.x: 6.5.4.16 y anteriores; Aruba Instant versiones 8.3.x: 8.3.0.12 y anteriores; Aruba Instant versiones 8.5.x: 8.5.0.6 y anteriores; Aruba Instant versiones 8.6.x: 8.6.0.2 y anteriores. Aruba ha lanzado parches para Aruba Instant que abordan esta vulnerabilidad de seguridad."}], "id": "CVE-2019-5319", "lastModified": "2022-10-07T01:06:26.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-30T02:15:16.093", "references": [{"source": "security-alert@hpe.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"}, {"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}