var-201912-0083
Vulnerability from variot
Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. OTEX LanScope Cat and LanScope An are products of Japanese MOTEX company. LanScope Cat is a set of asset monitoring and management software. LanScope An is a smart device management tool.
There are security holes in MOTEX LanScope An and LanScope Cat. An attacker could use this vulnerability to gain unauthorized permissions and execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lanscope an",
"scope": "lt",
"trust": 1.6,
"vendor": "motex",
"version": "2.7.7.0"
},
{
"model": "lanscope an",
"scope": "lt",
"trust": 1.6,
"vendor": "motex",
"version": "3.0.8.1"
},
{
"model": "lanscope cat detection agent",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.0.0.0"
},
{
"model": "lanscope cat detection agent",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.1.0.8"
},
{
"model": "lanscope cat server monitoring agent",
"scope": "lt",
"trust": 1.0,
"vendor": "motex",
"version": "9.2.2.0"
},
{
"model": "lanscope cat detection agent",
"scope": "lt",
"trust": 1.0,
"vendor": "motex",
"version": "8.4.3.2"
},
{
"model": "lanscope cat client program",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.2.0.3"
},
{
"model": "lanscope cat client program",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.0.0.0"
},
{
"model": "lanscope an",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "3.0.0.0"
},
{
"model": "lanscope cat client program",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.0.1.9"
},
{
"model": "lanscope cat client program",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.1.0.8"
},
{
"model": "lanscope cat detection agent",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.1.0.0"
},
{
"model": "lanscope cat detection agent",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.2.0.0"
},
{
"model": "lanscope an",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "2.0.0.0"
},
{
"model": "lanscope cat client program",
"scope": "lt",
"trust": 1.0,
"vendor": "motex",
"version": "8.4.3.2"
},
{
"model": "lanscope cat detection agent",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.2.0.3"
},
{
"model": "lanscope cat detection agent",
"scope": "lte",
"trust": 1.0,
"vendor": "motex",
"version": "9.0.1.9"
},
{
"model": "lanscope cat client program",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.1.0.0"
},
{
"model": "lanscope cat client program",
"scope": "gte",
"trust": 1.0,
"vendor": "motex",
"version": "9.2.0.0"
},
{
"model": "lanscope an",
"scope": "eq",
"trust": 0.8,
"vendor": "motex",
"version": "prior to ver 2.7.7.0 (lanscope an 2 series)"
},
{
"model": "lanscope an",
"scope": "eq",
"trust": 0.8,
"vendor": "motex",
"version": "prior to ver 3.0.8.1 (lanscope an 3 series)"
},
{
"model": "lanscope cat",
"scope": "eq",
"trust": 0.8,
"vendor": "motex",
"version": "prior to ver.9.2.1.0 (*1)"
},
{
"model": "lanscope cat",
"scope": "eq",
"trust": 0.8,
"vendor": "motex",
"version": "prior to ver.9.2.2.0 (*2)"
},
{
"model": "lanscope cat",
"scope": "lt",
"trust": 0.6,
"vendor": "motex",
"version": "9.2.1.0"
},
{
"model": "lanscope cat",
"scope": "lt",
"trust": 0.6,
"vendor": "motex",
"version": "9.2.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:motex:lanscope_an",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:motex:lanscope_cat",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
}
]
},
"cve": "CVE-2019-6026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6026",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-000072",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-03064",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6026",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-000072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6026",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2019-000072",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-03064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-154",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. OTEX LanScope Cat and LanScope An are products of Japanese MOTEX company. LanScope Cat is a set of asset monitoring and management software. LanScope An is a smart device management tool. \n\nThere are security holes in MOTEX LanScope An and LanScope Cat. An attacker could use this vulnerability to gain unauthorized permissions and execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6026"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNVD",
"id": "CNVD-2020-03064"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN49068796",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-6026",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-03064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"id": "VAR-201912-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
}
],
"trust": 1.3083333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
}
]
},
"last_update_date": "2024-11-23T21:51:49.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "A privilege escalation vulnerability in LanScope Cat/LanScope An. (CVE-2019-6026)",
"trust": 0.8,
"url": "https://www.motex.co.jp/news/notice/2019/release191202/"
},
{
"title": "Patch for Unknown vulnerability in MOTEX LanScope Cat and LanScope An",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196967"
},
{
"title": "MOTEX LanScope Cat and LanScope An Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn49068796/index.html"
},
{
"trust": 1.6,
"url": "https://www.motex.co.jp/news/news_topics/2019/release191202/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6026"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn49068796/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6026"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000072.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"date": "2019-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"date": "2019-12-26T16:15:12.310000",
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03064"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-000072"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-154"
},
{
"date": "2024-11-21T04:45:56.400000",
"db": "NVD",
"id": "CVE-2019-6026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple MOTEX products vulnerable to privilege escalation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-154"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…