CVE-2019-7387

Published Feb 4, 2019

Last updated 6 years ago

CVSS medium 6.5

Overview

Description: A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:systrome:isg-600c_firmware:1.1-r2.1_trunk-20180914:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A432A82-F0B8-4FA6-AF37-52223EABF84D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:systrome:isg-600c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "243A6566-F147-4570-8202-83EEED89E979"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:systrome:isg-600h_firmware:1.1-r2.1_trunk-20180914:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC395883-1101-4835-83B5-B898BD5F7EC1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:systrome:isg-600h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0028BB03-5133-438F-965D-D340ECC140A7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:systrome:isg-800w_firmware:1.1-r2.1_trunk-20180914:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFB2602D-0D41-49B2-92C1-FDC8D90DBC48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:systrome:isg-800w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FFDBA22-57B3-492A-9813-0C8591844C68"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References