Vulnerability Details : CVE-2019-15020
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
Products affected by CVE-2019-15020
- cpe:2.3:a:zingbox:inspector:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15020
0.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-15020
-
The product does not properly verify that the source of data or communication is valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15020
-
https://security.paloaltonetworks.com/CVE-2019-15020
CVE-2019-15020 Command Injection in Zingbox InspectorThird Party Advisory
Jump to