Multiple vulnerabilities in Palo Alto Zingbox Inspector
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2019-1584 CVE-2019-15014 CVE-2019-15016 CVE-2019-15017 CVE-2019-15015 CVE-2019-15018 CVE-2019-15019 CVE-2019-15020 CVE-2019-15021 CVE-2019-15022 CVE-2019-15023 |
| CWE-ID | CWE-345 CWE-78 CWE-89 CWE-798 CWE-287 CWE-494 CWE-918 CWE-290 CWE-256 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Zingbox Inspector Client/Desktop applications / Software for system administration |
| Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU21513
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-1584
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
the vulnerability exists due to Zingbox Inspector accepts and executes commands sent from a trusted Zingbox cloud, authenticated with PKI. A remote attacker with ability to perform man-in-the-middle (MitM) attack can execute arbitrary commands on the affected system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.293
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/164
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU21512
Risk: Medium
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15014
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists in the Zingbox Inspector CLI. A localuser can execute arbitrary OS commands on the target system within the product CLI console.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.286
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/167
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU21511
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15016
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Zingbox Inspector management interface. A remote authenticated user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.288
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/173
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use of hard-coded credentials
EUVDB-ID: #VU21509
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-15017,CVE-2019-15015
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code for root and inspector user account. A remote unauthenticated attacker can access the affected system using the hard-coded credentials via SSH server that is also exposed by default.
Install updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.294
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/170
https://securityadvisories.paloaltonetworks.com/Home/Detail/176
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Authentication
EUVDB-ID: #VU21507
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15018
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to absent authentication checks when binding tenants. A remote authenticated user can bind the Inspector instance to a different customer tenant.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:*:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/179
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Download of code without integrity check
EUVDB-ID: #VU21506
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15019
CWE-ID:
CWE-494 - Download of Code Without Integrity Check
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading firmware updates. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious firmware image and gain full control over the affected system after a successful software update.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.294
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/182
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Download of code without integrity check
EUVDB-ID: #VU21505
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15020
CWE-ID:
CWE-494 - Download of Code Without Integrity Check
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading updates. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.293
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/185
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU21504
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15021
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted request to Zingbox Inspector and identify any running instances of Zingbox Inspector on a local area network.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.294
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/188
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) ARP spoofing
EUVDB-ID: #VU21503
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15022
CWE-ID:
CWE-290 - Authentication Bypass by Spoofing
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to absence of protection against ARP spoofing. A remote attacker can spoof ARP packets and gain unauthorized access to Zingbox Inspector.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.294
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/191
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Unprotected storage of credentials
EUVDB-ID: #VU21500
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15023
CWE-ID:
CWE-256 - Unprotected Storage of Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A local user can view contents of the configuration file and gain access to passwords for 3rd party integration.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZingbox Inspector: 1.280 - 1.294
CPE2.3- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:palo_alto_networks:zingbox_inspector:1.282:*:*:*:*:*:*:*
https://securityadvisories.paloaltonetworks.com/Home/Detail/194
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
