cvelistv5 - CVE-2015-2849

CVE-2015-2849 (GCVE-0-2015-2849)

Vulnerability from cvelistv5 – Published: 2015-07-07 14:00 – Updated: 2024-08-06 05:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

http://www.kb.cert.org/vuls/id/485324

third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#485324",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/485324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-07-07T11:57:03",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#485324",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/485324"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2849",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#485324",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2849",
    "datePublished": "2015-07-07T14:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:24:38.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05D05CE4-2981-43D7-B80C-DE264FF4413B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C52E287E-8D66-434D-BF0B-A57DBA4D6321\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3AB0909-139C-4BA3-8F24-3B87FAF33BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3698F0B4-CD2F-478A-AC38-CAC91011DE80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89B29893-6A55-46E4-8281-6B12B3C604ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A593B94-BE7E-498D-BACF-80E51655818C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en main.ant en ANTlabs InnGate Firmware en los dispositivos IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, y SSG 4, cuando https est\\u00e1 utilizado, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\\u00e9s del par\\u00e1metro ppli.\"}]",
      "id": "CVE-2015-2849",
      "lastModified": "2024-11-21T02:28:12.267",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-07-07T14:59:00.090",
      "references": "[{\"url\": \"http://www.kb.cert.org/vuls/id/485324\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/485324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2849\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-07-07T14:59:00.090\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en main.ant en ANTlabs InnGate Firmware en los dispositivos IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, y SSG 4, cuando https est\u00e1 utilizado, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ppli.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D05CE4-2981-43D7-B80C-DE264FF4413B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52E287E-8D66-434D-BF0B-A57DBA4D6321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3AB0909-139C-4BA3-8F24-3B87FAF33BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3698F0B4-CD2F-478A-AC38-CAC91011DE80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B29893-6A55-46E4-8281-6B12B3C604ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A593B94-BE7E-498D-BACF-80E51655818C\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/485324\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/485324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

FKIE_CVE-2015-2849

Vulnerability from fkie_nvd - Published: 2015-07-07 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cret@cert.org	http://www.kb.cert.org/vuls/id/485324	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/485324	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
antlabs	inngate_ig_3.01_e	-
antlabs	inngate_ig_3.10_e	-
antlabs	inngate_ig_3.10_m	-
antlabs	inngate_ig_3100	-
antlabs	inngate_sg_4	-
antlabs	inngate_ssg_4	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D05CE4-2981-43D7-B80C-DE264FF4413B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E287E-8D66-434D-BF0B-A57DBA4D6321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3AB0909-139C-4BA3-8F24-3B87FAF33BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3698F0B4-CD2F-478A-AC38-CAC91011DE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B29893-6A55-46E4-8281-6B12B3C604ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A593B94-BE7E-498D-BACF-80E51655818C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en main.ant en ANTlabs InnGate Firmware en los dispositivos IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, y SSG 4, cuando https est\u00e1 utilizado, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ppli."
    }
  ],
  "id": "CVE-2015-2849",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-07T14:59:00.090",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/485324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/485324"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2H78-FQF4-59QG

Vulnerability from github – Published: 2022-05-17 04:11 – Updated: 2022-05-17 04:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-07T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.",
  "id": "GHSA-2h78-fqf4-59qg",
  "modified": "2022-05-17T04:11:59Z",
  "published": "2022-05-17T04:11:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2849"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/485324"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201507-0144

Vulnerability from variot - Updated: 2023-12-18 12:57

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "inngate ig 3.10 m",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate ig 3100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate sg 4",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate ig 3.01 e",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate ssg 4",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate ig 3.10 e",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate e-series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "antlabs",
        "version": "3.01"
      },
      {
        "model": "inngate e-series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "antlabs",
        "version": "3.10"
      },
      {
        "model": "inngate m-series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "antlabs",
        "version": "3.10"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "ig 3100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "antlabs",
        "version": "model 3100"
      },
      {
        "model": "ig 3100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "antlabs",
        "version": "model 3101"
      },
      {
        "model": "inngate 3.00 e-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate 3.01 e-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate 3.01 g-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate 3.02 e-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate 3.10 e-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "inngate 3.10 g-series",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "sg 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "ssg 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "antlabs",
        "version": null
      },
      {
        "model": "ssg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "antlabs",
        "version": "4"
      },
      {
        "model": "sg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "antlabs",
        "version": "4"
      },
      {
        "model": "ig3100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "antlabs",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "BID",
        "id": "75560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Devesh Logendran",
    "sources": [
      {
        "db": "BID",
        "id": "75560"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2849",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2849",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-04404",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2849",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04404",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-160",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "BID",
        "id": "75560"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#485324",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "75560",
        "trust": 0.9
      },
      {
        "db": "JVN",
        "id": "JVNVU92209185",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "BID",
        "id": "75560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "id": "VAR-201507-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:46.371000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)",
        "trust": 0.8,
        "url": "http://www.antlabs.com/advisory-sql-injection-reflected-cross-site-scripting-vulnerabilities/"
      },
      {
        "title": "Patch for ANTlabs InnGate Firmware SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/60652"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.kb.cert.org/vuls/id/485324"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2849"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92209185"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2849"
      },
      {
        "trust": 0.3,
        "url": "http://www.antlabs.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "BID",
        "id": "75560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "BID",
        "id": "75560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "date": "2015-07-06T00:00:00",
        "db": "BID",
        "id": "75560"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "date": "2015-07-07T14:59:00.090000",
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "date": "2015-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#485324"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "date": "2015-07-06T00:00:00",
        "db": "BID",
        "id": "75560"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003474"
      },
      {
        "date": "2015-07-08T21:46:52.280000",
        "db": "NVD",
        "id": "CVE-2015-2849"
      },
      {
        "date": "2015-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ANTlabs InnGate Firmware SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-160"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-2849

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2849

Aliases

CVE-2015-2849

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2849",
    "description": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.",
    "id": "GSD-2015-2849"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2849"
      ],
      "details": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.",
      "id": "GSD-2015-2849",
      "modified": "2023-12-13T01:20:00.818171Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-2849",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#485324",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/485324"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2849"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#485324",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource",
                "Third Party Advisory"
              ],
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-07-08T21:46Z",
      "publishedDate": "2015-07-07T14:59Z"
    }
  }
}

CNVD-2015-04404

Vulnerability from cnvd - Published: 2015-07-13

Title

ANTlabs InnGate固件SQL注入漏洞

Description

ANTlabs InnGate firmware on IG 3100等是新加坡ANTlabs公司的一款用于IG 3100网关等设备中的固件。多款ANTlabs设备的ANTlabs InnGate固件中的main.ant文件中存在SQL注入漏洞。远程攻击者可以在基础数据库上执行任意查询。据ANTLabs，只有HTTPS连接都容易受到这种攻击。

Severity

高

Patch Name

ANTlabs InnGate固件SQL注入漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.antlabs.com/products/ig-3100/

Reference

http://www.kb.cert.org/vuls/id/485324

Impacted products

Name
['ANTlabs InnGate 3.01 E-Series', 'ANTlabs InnGate 3.10 E-Series', 'ANTlabs InnGate 3.10 M-Series']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75560"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2849"
    }
  },
  "description": "ANTlabs InnGate firmware on IG 3100\u7b49\u662f\u65b0\u52a0\u5761ANTlabs\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eIG 3100\u7f51\u5173\u7b49\u8bbe\u5907\u4e2d\u7684\u56fa\u4ef6\u3002\r\n\r\n\u591a\u6b3eANTlabs\u8bbe\u5907\u7684ANTlabs InnGate\u56fa\u4ef6\u4e2d\u7684main.ant\u6587\u4ef6\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u57fa\u7840\u6570\u636e\u5e93\u4e0a\u6267\u884c\u4efb\u610f\u67e5\u8be2\u3002\u636eANTLabs\uff0c\u53ea\u6709HTTPS\u8fde\u63a5\u90fd\u5bb9\u6613\u53d7\u5230\u8fd9\u79cd\u653b\u51fb\u3002",
  "discovererName": "Devesh Logendran",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.antlabs.com/products/ig-3100/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04404",
  "openTime": "2015-07-13",
  "patchDescription": "ANTlabs InnGate firmware on IG 3100\u7b49\u662f\u65b0\u52a0\u5761ANTlabs\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eIG 3100\u7f51\u5173\u7b49\u8bbe\u5907\u4e2d\u7684\u56fa\u4ef6\u3002\u591a\u6b3eANTlabs\u8bbe\u5907\u7684ANTlabs InnGate\u56fa\u4ef6\u4e2d\u7684main.ant\u6587\u4ef6\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u57fa\u7840\u6570\u636e\u5e93\u4e0a\u6267\u884c\u4efb\u610f\u67e5\u8be2\u3002\u636eANTLabs\uff0c\u53ea\u6709HTTPS\u8fde\u63a5\u90fd\u5bb9\u6613\u53d7\u5230\u8fd9\u79cd\u653b\u51fb\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ANTlabs InnGate\u56fa\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ANTlabs InnGate 3.01 E-Series",
      "ANTlabs InnGate 3.10 E-Series",
      "ANTlabs InnGate 3.10 M-Series"
    ]
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/485324",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-09",
  "title": "ANTlabs InnGate\u56fa\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2849 (GCVE-0-2015-2849)

FKIE_CVE-2015-2849

GHSA-2H78-FQF4-59QG

VAR-201507-0144

GSD-2015-2849

CNVD-2015-04404

Tags

Sightings

Nomenclature