CVE-2018-19860 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Affected Products (NVD)

Vendor	Product	Version
cypress	cyw20702a1kwfbg_firmware	-
cypress	cyw20702a1kwfbgt_firmware	-
cypress	cyw20702b0kwfbg_firmware	-
cypress	cyw20702b0kwfbgt_firmware	-
cypress	cyw20703ua1kffb1g_firmware	-
cypress	cyw20703ua1kffb1gt_firmware	-
cypress	cyw20704ua1kffb1g_firmware	-
cypress	cyw20704ua1kffb1gt_firmware	-
cypress	cyw20704ua2kffb1g_firmware	-
cypress	cyw20704ua2kffb1gt_firmware	-
cypress	cyw20705a1kwfbgt_firmware	-
cypress	cyw20705b0kwfbg_firmware	-
cypress	cyw20705b0kwfbgt_firmware	-
cypress	cyw20706ua1kffb1g_firmware	-
cypress	cyw20706ua1kffb1gt_firmware	-
cypress	cyw20706ua1kffb4g_firmware	-
cypress	cyw20706ua2kffb4g_firmware	-
cypress	cyw20706ua2kffb4gt_firmware	-
cypress	cyw20707a2kubgt_firmware	-
cypress	cyw20707ua1kffb1g_firmware	-
cypress	cyw20707ua1kffb4g_firmware	-
cypress	cyw20707ua1kffb4gt_firmware	-
cypress	cyw20707ua2kffb4g_firmware	-
cypress	cyw20707ua2kffb4gt_firmware	-
cypress	cyw20707va1pkwbgt_firmware	-
cypress	cyw20707va2pkwbgt_firmware	-
cypress	cyw20730a1kfbg_firmware	-
cypress	cyw20730a1kfbgt_firmware	-
cypress	cyw20730a1kml2g_firmware	-
cypress	cyw20730a1kml2gt_firmware	-
cypress	cyw20730a1kmlg_firmware	-
cypress	cyw20730a1kmlgt_firmware	-
cypress	cyw20730a2kfbg_firmware	-
cypress	cyw20730a2kfbgt_firmware	-
cypress	cyw20730a2kml2g_firmware	-
cypress	cyw20730a2kml2gt_firmware	-
cypress	cyw20733a1kfb1gt_firmware	-
cypress	cyw20733a2kfb1g_firmware	-
cypress	cyw20733a2kfb1gt_firmware	-
cypress	cyw20733a2kml1g_firmware	-
cypress	cyw20733a2kml1gt_firmware	-
cypress	cyw20733a3kfb1g_firmware	-
cypress	cyw20733a3kfb1gt_firmware	-
cypress	cyw20733a3kfb2gt_firmware	-
cypress	cyw20733a3kml1g_firmware	-
cypress	cyw20733a3kml1gt_firmware	-
cypress	cyw20734ua1kffb3g_firmware	-
cypress	cyw20734ua1kffb3gt_firmware	-
cypress	cyw20734ua2kffb3g_firmware	-
cypress	cyw20734ua2kffb3gt_firmware	-
cypress	cyw43438kubgt_firmware	-
cypress	cyw4343w1kubgt_firmware	-
cypress	cyw4343wkubgt_firmware	-
cypress	cyw4343wkwbgt_firmware	-
cypress	cyw4354kkwbgt_firmware	-
cypress	cyw4354xkubgt_firmware	-
cypress	cyw89071a1cubxgt_firmware	-
cypress	cyw89072brfb5g_firmware	-
cypress	cyw89072brfb5gt_firmware	-
cypress	cyw89335l2cubgt_firmware	-
cypress	cyw89335lcubgt_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

http://seclists.org/fulldisclosure/2019/Aug/11

http://seclists.org/fulldisclosure/2019/Jul/22

https://seclists.org/bugtraq/2019/Aug/21

https://source.android.com/security/bulletin/2019-05-01

https://support.apple.com/kb/HT210348

https://www.broadcom.com/support/resources/product-security-center

http://seclists.org/fulldisclosure/2019/Aug/11

http://seclists.org/fulldisclosure/2019/Jul/22

https://seclists.org/bugtraq/2019/Aug/21

https://source.android.com/security/bulletin/2019-05-01

https://support.apple.com/kb/HT210348

https://www.broadcom.com/support/resources/product-security-center