CVE-2019-3915 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Verizon	Fios Quantum Gateway G1100 Firmware	02.01.00.05
Verizon	Fios Quantum Gateway G1100	-

Related Weaknesses (CWE)

CWE-294

References

http://www.securityfocus.com/bid/107883
https://www.tenable.com/security/research/tra-2019-17Third Party Advisory
http://www.securityfocus.com/bid/107883
https://www.tenable.com/security/research/tra-2019-17Third Party Advisory

FAQ

What is CVE-2019-3915?

CVE-2019-3915 is a vulnerability with a CVSS score of 7.5 (HIGH). Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept ...

How severe is CVE-2019-3915?

CVE-2019-3915 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3915?

Check the references section above for vendor advisories and patch information. Affected products include: Verizon Fios Quantum Gateway G1100 Firmware, Verizon Fios Quantum Gateway G1100.