cvelistv5 - CVE-2019-6026

CVE-2019-6026 (GCVE-0-2019-6026)

Vulnerability from cvelistv5

Published

2019-12-26 15:16

Modified

2024-08-04 20:16

Severity ?

CWE

Privilege escalation

Summary

References

URL

	Vendor	Product	Version
	MOTEX.Inc	Multiple MOTEX products	Version: LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)

CVE-2019-6026

Vulnerability from jvndb

Published

2019-12-03 13:34

Modified

2019-12-03 13:34

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple MOTEX products vulnerable to privilege escalation

Details

LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN49068796/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6026
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6026
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	MOTEX Inc.	LanScope An
	MOTEX Inc.	LanScope Cat

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000072.html",
  "dc:date": "2019-12-03T13:34+09:00",
  "dcterms:issued": "2019-12-03T13:34+09:00",
  "dcterms:modified": "2019-12-03T13:34+09:00",
  "description": "LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability.\r\n\r\nMitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000072.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:motex:lanscope_an",
      "@product": "LanScope An",
      "@vendor": "MOTEX Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:motex:lanscope_cat",
      "@product": "LanScope Cat",
      "@vendor": "MOTEX Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000072",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN49068796/index.html",
      "@id": "JVN#49068796",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6026",
      "@id": "CVE-2019-6026",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6026",
      "@id": "CVE-2019-6026",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple MOTEX products vulnerable to privilege escalation"
}

ghsa-f5j5-7wxg-gp96

Vulnerability from github

Published

2022-05-24 17:05

Modified

2024-04-04 02:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6026"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-26T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.",
  "id": "GHSA-f5j5-7wxg-gp96",
  "modified": "2024-04-04T02:45:40Z",
  "published": "2022-05-24T17:05:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6026"
    },
    {
      "type": "WEB",
      "url": "https://www.motex.co.jp/news/news_topics/2019/release191202"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN49068796/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-201912-0083

Vulnerability from variot

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. OTEX LanScope Cat and LanScope An are products of Japanese MOTEX company. LanScope Cat is a set of asset monitoring and management software. LanScope An is a smart device management tool.

There are security holes in MOTEX LanScope An and LanScope Cat. An attacker could use this vulnerability to gain unauthorized permissions and execute arbitrary code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0083",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lanscope an",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "motex",
        "version": "2.7.7.0"
      },
      {
        "model": "lanscope an",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "motex",
        "version": "3.0.8.1"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.0.0.0"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.1.0.8"
      },
      {
        "model": "lanscope cat server monitoring agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.2.2.0"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motex",
        "version": "8.4.3.2"
      },
      {
        "model": "lanscope cat client program",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.2.0.3"
      },
      {
        "model": "lanscope cat client program",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.0.0.0"
      },
      {
        "model": "lanscope an",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "3.0.0.0"
      },
      {
        "model": "lanscope cat client program",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.0.1.9"
      },
      {
        "model": "lanscope cat client program",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.1.0.8"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.1.0.0"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.2.0.0"
      },
      {
        "model": "lanscope an",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "2.0.0.0"
      },
      {
        "model": "lanscope cat client program",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motex",
        "version": "8.4.3.2"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.2.0.3"
      },
      {
        "model": "lanscope cat detection agent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.0.1.9"
      },
      {
        "model": "lanscope cat client program",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.1.0.0"
      },
      {
        "model": "lanscope cat client program",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "motex",
        "version": "9.2.0.0"
      },
      {
        "model": "lanscope an",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "motex",
        "version": "prior to ver 2.7.7.0 (lanscope an 2 series)"
      },
      {
        "model": "lanscope an",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "motex",
        "version": "prior to ver 3.0.8.1 (lanscope an 3 series)"
      },
      {
        "model": "lanscope cat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "motex",
        "version": "prior to ver.9.2.1.0 (*1)"
      },
      {
        "model": "lanscope cat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "motex",
        "version": "prior to ver.9.2.2.0 (*2)"
      },
      {
        "model": "lanscope cat",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motex",
        "version": "9.2.1.0"
      },
      {
        "model": "lanscope cat",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motex",
        "version": "9.2.2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:motex:lanscope_an",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:motex:lanscope_cat",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      }
    ]
  },
  "cve": "CVE-2019-6026",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6026",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000072",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-03064",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6026",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000072",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6026",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2019-000072",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03064",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-154",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. OTEX LanScope Cat and LanScope An are products of Japanese MOTEX company. LanScope Cat is a set of asset monitoring and management software. LanScope An is a smart device management tool. \n\nThere are security holes in MOTEX LanScope An and LanScope Cat. An attacker could use this vulnerability to gain unauthorized permissions and execute arbitrary code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN49068796",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "id": "VAR-201912-0083",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      }
    ],
    "trust": 1.3083333499999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:51:49.859000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "A privilege escalation vulnerability in LanScope Cat/LanScope An. (CVE-2019-6026)",
        "trust": 0.8,
        "url": "https://www.motex.co.jp/news/notice/2019/release191202/"
      },
      {
        "title": "Patch for Unknown vulnerability in MOTEX LanScope Cat and LanScope An",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/196967"
      },
      {
        "title": "MOTEX LanScope Cat  and LanScope An Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105879"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://jvn.jp/en/jp/jvn49068796/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6026"
      },
      {
        "trust": 0.6,
        "url": "https://jvn.jp/en/jp/jvn49068796/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6026"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000072.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "date": "2019-12-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "date": "2019-12-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "date": "2019-12-26T16:15:12.310000",
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03064"
      },
      {
        "date": "2019-12-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      },
      {
        "date": "2024-11-21T04:45:56.400000",
        "db": "NVD",
        "id": "CVE-2019-6026"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple MOTEX products vulnerable to privilege escalation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000072"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-154"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6026

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6026

Aliases

CVE-2019-6026

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6026",
    "description": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.",
    "id": "GSD-2019-6026"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6026"
      ],
      "details": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.",
      "id": "GSD-2019-6026",
      "modified": "2023-12-13T01:23:49.564217Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-6026",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Multiple MOTEX products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "MOTEX.Inc"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.motex.co.jp/news/news_topics/2019/release191202/",
            "refsource": "MISC",
            "url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN49068796/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN49068796/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_an:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.7.0",
                "versionStartIncluding": "2.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_an:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.8.1",
                "versionStartIncluding": "3.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.4.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.1.9",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.0.8",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.0.3",
                "versionStartIncluding": "9.2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.4.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.1.9",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.0.8",
                "versionStartIncluding": "9.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.0.3",
                "versionStartIncluding": "9.2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:motex:lanscope_cat_server_monitoring_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6026"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN49068796/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN49068796/index.html"
            },
            {
              "name": "https://www.motex.co.jp/news/news_topics/2019/release191202/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-26T16:15Z"
    }
  }
}

fkie_cve-2019-6026

Vulnerability from fkie_nvd

Published

2019-12-26 16:15

Modified

2024-11-21 04:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN49068796/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.motex.co.jp/news/news_topics/2019/release191202/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN49068796/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.motex.co.jp/news/news_topics/2019/release191202/	Vendor Advisory

Impacted products

Vendor	Product	Version
motex	lanscope_an	*
motex	lanscope_an	*
motex	lanscope_cat_client_program	*
motex	lanscope_cat_client_program	*
motex	lanscope_cat_client_program	*
motex	lanscope_cat_client_program	*
motex	lanscope_cat_detection_agent	*
motex	lanscope_cat_detection_agent	*
motex	lanscope_cat_detection_agent	*
motex	lanscope_cat_detection_agent	*
motex	lanscope_cat_server_monitoring_agent	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:motex:lanscope_an:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "186BFA3E-BEB3-4B25-A12C-050C82DD2BAC",
              "versionEndExcluding": "2.7.7.0",
              "versionStartIncluding": "2.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_an:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "81CB465A-3610-433C-9E56-6C9411E86D97",
              "versionEndExcluding": "3.0.8.1",
              "versionStartIncluding": "3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F8DECD-9C57-482A-9A2C-8199932AF2BF",
              "versionEndExcluding": "8.4.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB937BF-97D2-4C8B-8838-D46810CC8FCF",
              "versionEndIncluding": "9.0.1.9",
              "versionStartIncluding": "9.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037D913C-5CD4-41EB-BB5F-1E5DE4636A63",
              "versionEndIncluding": "9.1.0.8",
              "versionStartIncluding": "9.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_client_program:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A317E8D1-0137-45C7-AFAB-A4A870DA775E",
              "versionEndIncluding": "9.2.0.3",
              "versionStartIncluding": "9.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E56920-9F6E-46B7-8522-612FBBB90E27",
              "versionEndExcluding": "8.4.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F2C508-1061-4430-9639-FB8ACAAD3CBE",
              "versionEndIncluding": "9.0.1.9",
              "versionStartIncluding": "9.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8094D8-15B3-4BAA-8F30-624AC39CC0AE",
              "versionEndIncluding": "9.1.0.8",
              "versionStartIncluding": "9.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_detection_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "456A3FA5-9DBE-495B-AD54-DEF8DDA5E384",
              "versionEndIncluding": "9.2.0.3",
              "versionStartIncluding": "9.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:motex:lanscope_cat_server_monitoring_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ADEE284-42C3-4AAD-ADA8-B8AEBB33B348",
              "versionEndExcluding": "9.2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalada de privilegios en m\u00faltiples productos MOTEX (LanScope Cat Client Program (MR) y LanScope Cat Client Program (MR) LanScope Cat Detection Agent (DA) versiones anteriores a Ver.9.2.1.0, LanScope Cat Server Monitoring Agent (SA, SAE) versiones anteriores a Ver.9.2.2.0, LanScope An versiones anteriores a Ver 2.7.7.0 (LanScope An 2 series) y LanScope An versiones anteriores a Ver 3.0.8.1 (LanScope An 3 series)), permiten a atacantes autenticados alcanzar privilegios no autorizados y ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2019-6026",
  "lastModified": "2024-11-21T04:45:56.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-26T16:15:12.310",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN49068796/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN49068796/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-03064

Vulnerability from cnvd

Title

MOTEX LanScope Cat和LanScope An存在未明漏洞

Description

OTEX LanScope Cat和LanScope An都是日本MOTEX公司的产品。LanScope Cat是一套资产监控和管理软件。LanScope An是一款智能设备管理工具。 MOTEX LanScope An和LanScope Cat中存在安全漏洞。攻击者可利用该漏洞获取未授权的权限并执行任意代码。

Severity

高

Patch Name

MOTEX LanScope Cat和LanScope An存在未明漏洞的补丁

Patch Description

OTEX LanScope Cat和LanScope An都是日本MOTEX公司的产品。LanScope Cat是一套资产监控和管理软件。LanScope An是一款智能设备管理工具。 MOTEX LanScope An和LanScope Cat中存在安全漏洞。攻击者可利用该漏洞获取未授权的权限并执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修补方案，请关注厂商主页及时更新： https://jvn.jp/en/jp/JVN49068796/

Reference

https://jvn.jp/en/jp/JVN49068796/

Impacted products

Name
['MOTEX LanScope An <2.7.7.0', 'MOTEX LanScope An <3.0.8.1', 'MOTEX LanScope Cat <9.2.1.0', 'MOTEX LanScope Cat <9.2.2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6026"
    }
  },
  "description": "OTEX LanScope Cat\u548cLanScope An\u90fd\u662f\u65e5\u672cMOTEX\u516c\u53f8\u7684\u4ea7\u54c1\u3002LanScope Cat\u662f\u4e00\u5957\u8d44\u4ea7\u76d1\u63a7\u548c\u7ba1\u7406\u8f6f\u4ef6\u3002LanScope An\u662f\u4e00\u6b3e\u667a\u80fd\u8bbe\u5907\u7ba1\u7406\u5de5\u5177\u3002\n\nMOTEX LanScope An\u548cLanScope Cat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u6743\u9650\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://jvn.jp/en/jp/JVN49068796/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03064",
  "openTime": "2020-01-21",
  "patchDescription": "OTEX LanScope Cat\u548cLanScope An\u90fd\u662f\u65e5\u672cMOTEX\u516c\u53f8\u7684\u4ea7\u54c1\u3002LanScope Cat\u662f\u4e00\u5957\u8d44\u4ea7\u76d1\u63a7\u548c\u7ba1\u7406\u8f6f\u4ef6\u3002LanScope An\u662f\u4e00\u6b3e\u667a\u80fd\u8bbe\u5907\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nMOTEX LanScope An\u548cLanScope Cat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u6743\u9650\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MOTEX LanScope Cat\u548cLanScope An\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "MOTEX LanScope An \u003c2.7.7.0",
      "MOTEX LanScope An \u003c3.0.8.1",
      "MOTEX LanScope Cat \u003c9.2.1.0",
      "MOTEX LanScope Cat \u003c9.2.2.0"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN49068796/",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-03",
  "title": "MOTEX LanScope Cat\u548cLanScope An\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6026 (GCVE-0-2019-6026)

Vulnerability from cvelistv5

CVE-2019-6026

Vulnerability from jvndb

ghsa-f5j5-7wxg-gp96

Vulnerability from github

var-201912-0083

Vulnerability from variot

gsd-2019-6026

Vulnerability from gsd

fkie_cve-2019-6026

Vulnerability from fkie_nvd

cnvd-2020-03064

Vulnerability from cnvd

Tags

Sightings

Nomenclature