PT-2020-10300 · Swisscom · Swisscom Centro Business 1.0+2

Published

2020-03-16

Updated

2021-03-04

CVE-2019-19942

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Swisscom Centro Grande versions prior to 6.16.12 Swisscom Centro Business 1.0 (ADB) versions prior to 7.10.18 Swisscom Centro Business 2.0 versions prior to 8.02.04

Description The issue is related to missing output sanitation, allowing a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.

Recommendations For Swisscom Centro Grande versions prior to 6.16.12, update to version 6.16.12 or later. For Swisscom Centro Business 1.0 (ADB) versions prior to 7.10.18, update to version 7.10.18 or later. For Swisscom Centro Business 2.0 versions prior to 8.02.04, update to version 8.02.04 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2019-19942

Affected Products

Swisscom Centro Business 1.0

Swisscom Centro Business 2.0

Swisscom Centro Grande

PT-2020-10300 · Swisscom · Swisscom Centro Business 1.0+2

CVE-2019-19942

Weakness Enumeration

Related Identifiers

Affected Products

References · 5