{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Remote Command Injection in Zingbox Inspector"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2019-1584","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-11T22:36:03.136Z","generator":{"date":"2026-03-11T22:36:03.136Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2019-1584","initial_release_date":"2019-10-01T07:00:00.000Z","revision_history":[{"number":"1","date":"2026-03-11T15:36:03.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2019-1584","product_status":{"fixed":["PANW-Zingbox-Inspector-1"],"known_affected":["PANW-Zingbox-Inspector-3"]},"notes":[{"category":"description","text":"A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.  (Ref: CVE-2019-1584)\nThis vulnerability can only be triggered by malicous commands sent by the Zingbox cloud to the Zingbox Inspector software.  The Zingbox Inspector is configured to connect only to an authorized Zingbox cloud, which is authenticated using PKI.  The vulnerability allows for remote code execution only if the Zingbox Inspector or Zingbox cloud are tampered with in order to send malicious commands to the Zingbox Inspector software.\nThis issue affects Zingbox Inspector, versions 1.293 and earlier."}],"references":[{"category":"external","summary":"NVD - CVE-2019-1584","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1584"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2019-1584","url":"https://security.paloaltonetworks.com/CVE-2019-1584"}],"threats":[{"category":"impact","description":"A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.  (Ref: CVE-2019-1584)\nThis vulnerability can only be triggered by malicous commands sent by the Zingbox cloud to the Zingbox Inspector software.  The Zingbox Inspector is configured to connect only to an authorized Zingbox cloud, which is authenticated using PKI.  The vulnerability allows for remote code execution only if the Zingbox Inspector or Zingbox cloud are tampered with in order to send malicious commands to the Zingbox Inspector software.\nThis issue affects Zingbox Inspector, versions 1.293 and earlier."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"products":["PANW-Zingbox-Inspector-3"]}]}]}