PT-2019-3536 · Zingbox · Zingbox Inspector

Published: 2019-10-01 · Updated: 2023-02-15 · CVE-2019-1584

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Zingbox Inspector versions 1.293 and earlier

Description

A security issue exists that allows for remote code execution if the Inspector receives a malicious command from the Zingbox cloud or is tampered with to connect to an attacker's cloud endpoint. The vulnerability is also described as resulting from insufficient input validation, which could allow a remote attacker to carry out a "man-in-the-middle" attack.

Recommendations

For Zingbox Inspector versions 1.293 and earlier, update to a version later than 1.293 to resolve the issue. As a temporary workaround, consider restricting access to the Zingbox cloud endpoint to minimize the risk of exploitation. Additionally, ensure that the Zingbox Inspector is not tampered with to connect to unauthorized cloud endpoints.

Fix

Command Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-03713
CVE-2019-1584

Affected Products

Zingbox Inspector