CVE-2019-3946

Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/108740	Third Party Advisory
https://www.tenable.com/security/research/tra-2019-27	Exploit Third Party Advisory
http://www.securityfocus.com/bid/108740	Third Party Advisory
https://www.tenable.com/security/research/tra-2019-27	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fujielectric:v-server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/108740 - Third Party Advisory~~	() http://www.securityfocus.com/bid/108740 - Third Party Advisory
References	~~() https://www.tenable.com/security/research/tra-2019-27 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2019-27 - Exploit, Third Party Advisory

Information

Published : 2019-06-12 15:29

Updated : 2024-11-21 04:42

NVD link : CVE-2019-3946

Mitre link : CVE-2019-3946

CVE.ORG link : CVE-2019-3946

JSON object : View

Products Affected

fujielectric

v-server

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2019-3946", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-06-12T15:29:00.863", "references": [{"url": "http://www.securityfocus.com/bid/108740", "tags": ["Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2019-27", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "http://www.securityfocus.com/bid/108740", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2019-27", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic."}, {"lang": "es", "value": "El Fuji Electric V-Server anterior a versi\u00f3n 6.0.33.0, es vulnerable a la denegaci\u00f3n de servicio por medio de un mensaje UDP creado en el puerto 8005. Un atacante remoto no identificado puede bloquear el archivo vserver.exe debido a un desbordamiento de enteros en la l\u00f3gica de manejo de mensajes UDP."}], "lastModified": "2024-11-21T04:42:55.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F47D918A-C673-47E3-8C59-64F116247C25", "versionEndExcluding": "6.0.33.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-3946

7.5^/10

5.0^/10

Attach tags to `CVE-2019-3946`