CVE-2019-12496 : An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.

Published 2019-05-31 11:29:03

Updated 2024-02-09 03:20:20

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-12496

Hybridgroup » Gobot
Versions before (<) 1.13.0
cpe:2.3:a:hybridgroup:gobot:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST	2024-02-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

https://github.com/hybridgroup/gobot/releases/tag/v1.13.0

Release v1.13.0 · hybridgroup/gobot · GitHub
Release Notes
https://github.com/hybridgroup/gobot/compare/ed53198...7f973df

Comparing ed53198...7f973df · hybridgroup/gobot · GitHub
Patch

Jump to