var-201911-1166
Vulnerability from variot
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Java RMI service, which listens on TCP port 52569 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The software provides features such as storage performance monitoring and report generation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc storage monitoring and reporting",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": "4.3.1"
},
{
"model": "storage m\u0026r",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "4.3.1"
},
{
"model": "emc storage monitoring and reporting",
"scope": null,
"trust": 0.7,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:storage_m%26r",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tint0 of Viettel Cyber Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
}
],
"trust": 1.3
},
"cve": "CVE-2019-18580",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18580",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-150941",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18580",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18580",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18580",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18580",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18580",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-18580",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18580",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2019-18580",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1415",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-150941",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "VULHUB",
"id": "VHN-150941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Java RMI service, which listens on TCP port 52569 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The software provides features such as storage performance monitoring and report generation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18580"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "VULHUB",
"id": "VHN-150941"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18580",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-19-996",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8929",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-150941",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "VULHUB",
"id": "VHN-150941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"id": "VAR-201911-1166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-150941"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:11:37.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-176: Dell EMC Storage Monitoring and Reporting (SMR) Java RMI Deserialization of Untrusted Data Vulnerability",
"trust": 0.8,
"url": "https://www.dell.com/support/security/ja-jp/details/538977/DSA-2019-176-Dell-EMC-Storage-Monitoring-and-Reporting-SMR-Java-RMI-Deserialization-of-Untruste"
},
{
"title": "Dell has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.dell.com/support/security/es-es/details/538977/DSA-2019-176-Dell-EMC-Storage-Monitoring-and-Reporting-SMR-Java-RMI-Deserialization-of-Untruste"
},
{
"title": "Dell EMC Storage Monitoring and Reporting Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105215"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/security/en-us/details/538977/dsa-2019-176-dell-emc-storage-monitoring-and-reporting-smr-java-rmi-deserialization-of-untruste"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18580"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18580"
},
{
"trust": 0.7,
"url": "https://www.dell.com/support/security/es-es/details/538977/dsa-2019-176-dell-emc-storage-monitoring-and-reporting-smr-java-rmi-deserialization-of-untruste"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-996/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "VULHUB",
"id": "VHN-150941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"db": "VULHUB",
"id": "VHN-150941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"date": "2019-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-150941"
},
{
"date": "2019-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"date": "2019-11-26T17:15:12.750000",
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-996"
},
{
"date": "2019-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-150941"
},
{
"date": "2019-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013090"
},
{
"date": "2019-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1415"
},
{
"date": "2024-11-21T04:33:20.227000",
"db": "NVD",
"id": "CVE-2019-18580"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC Storage Monitoring and Reporting Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013090"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1415"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…