CVE-2019-17393

9.8 CRITICAL

📋 TL;DR

CVE-2019-17393 allows attackers to intercept and decode authentication credentials between Tomedo Server components due to unencrypted HTTP communication and weak basic authentication. This affects Tomedo Server version 1.7.3 deployments where customer and vendor servers communicate over untrusted networks.

💻 Affected Systems

Products:
  • Tomedo Server
Versions: 1.7.3
Operating Systems: All platforms running Tomedo Server
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable in default configuration when customer and vendor Tomedo Server components communicate.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of Tomedo Server infrastructure: credential theft leading to unauthorized access, data exfiltration, and potential lateral movement to connected systems.

🟠 Likely Case

Credential theft allowing unauthorized access to Tomedo Server management interfaces, with potential leakage of sensitive customer/vendor information.

🟢 If Mitigated

Limited to internal network exposure with proper segmentation, though credentials remain vulnerable to internal attackers.

🌐 Internet-Facing: HIGH - Any internet-facing Tomedo Server communication is trivially exploitable via network sniffing.
🏢 Internal Only: HIGH - Internal network traffic can be sniffed by compromised hosts or malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to sniff traffic between Tomedo Server components. Public proof-of-concept demonstrates credential extraction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to newer versions if available, or implement workarounds.

🔧 Temporary Workarounds

Enable HTTPS/TLS Encryption (Platform: all)

Configure Tomedo Server to use HTTPS/TLS for all communications between customer and vendor components. The specific commands depend on the Tomedo Server configuration.

Network Segmentation and Encryption (Platform: all)

Isolate Tomedo Server traffic to protected VLANs and implement VPN or IPsec tunnels between the components. Implement network segmentation rules and VPN/IPsec configuration appropriate for your environment.

🧯 If You Can't Patch

  • Implement network-level encryption (VPN/IPsec) between all Tomedo Server components
  • Deploy network monitoring and IDS/IPS to detect credential sniffing attempts

🔍 How to Verify

Check if Vulnerable:

Check the Tomedo Server configuration for plain HTTP communication between customer and vendor components. Use network sniffing tools (tcpdump, Wireshark) on the link between the components to verify whether credentials are transmitted in cleartext.

Check Version:

Check Tomedo Server version through administrative interface or configuration files

Verify Fix Applied:

Verify all Tomedo Server communications use HTTPS/TLS. Test with network sniffing to confirm no cleartext credentials are transmitted.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts from unexpected IPs
  • Multiple authentication requests in short timeframes

Network Indicators:

  • Cleartext HTTP traffic between Tomedo Server components on port 80
  • Base64-encoded credentials in network packets

SIEM Query:

source_ip IN (tomedo_servers) AND dest_ip IN (tomedo_servers) AND protocol=HTTP AND (uri CONTAINS 'auth' OR content CONTAINS 'Basic')
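As an added detection example that is not part of this advisory, the following Python applies the network indicators above to captured request data: it flags plaintext HTTP requests between Tomedo Server hosts that carry a Basic credential, and records only the username in the alert. The host addresses, URIs and credentials are constructed for the example.

```python
import base64
import binascii
import re
from collections import namedtuple

# Assumed customer and vendor Tomedo Server addresses (placeholders for this example).
TOMEDO_HOSTS = {"10.0.1.10", "10.0.1.20"}

# Constructed records in the shape (src_ip, dst_ip, dst_port, payload), as a packet
# capture or proxy log of the server-to-server traffic would yield. Credentials are made up.
SAMPLE_RECORDS = [
    ("10.0.1.10", "10.0.1.20", 80,
     "GET /auth/login HTTP/1.1\r\nHost: vendor.example\r\nAuthorization: Basic "
     + base64.b64encode(b"tomedo-sync:s3cret").decode() + "\r\n\r\n"),
    ("10.0.1.10", "10.0.1.20", 443, "\x16\x03\x01\x00\xa5\x01\x00"),  # TLS handshake: opaque
    ("10.0.1.10", "10.0.1.20", 80, "GET /status HTTP/1.1\r\nHost: vendor.example\r\n\r\n"),
    ("10.0.5.5", "10.0.1.20", 80,  # not a Tomedo host, so out of scope for this check
     "GET /auth HTTP/1.1\r\nAuthorization: Basic Zm9vOmJhcg==\r\n\r\n"),
]

HTTP_METHODS = ("GET ", "POST ", "PUT ", "DELETE ", "HEAD ", "PATCH ")
AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)

# The alert carries the username only; the password is deliberately not recorded.
Finding = namedtuple("Finding", "src_ip dst_ip dst_port uri username")

def decode_basic_username(token):
    """Return the user-id of a Basic token, or None if it is not well-formed Basic auth."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")  # RFC 7617: user-id ":" password
    return user if sep else None

def find_cleartext_basic_auth(records, tomedo_hosts=TOMEDO_HOSTS):
    """Flag plaintext HTTP requests between Tomedo hosts that carry Basic credentials."""
    findings = []
    for src, dst, port, payload in records:
        if src not in tomedo_hosts or dst not in tomedo_hosts:
            continue  # only the customer<->vendor server channel is in scope
        if not payload.startswith(HTTP_METHODS):
            continue  # TLS records never parse as an HTTP request line
        match = AUTH_RE.search(payload)
        user = decode_basic_username(match.group(1)) if match else None
        if user is None:
            continue
        findings.append(Finding(src, dst, port, payload.split(" ", 2)[1], user))
    return findings
```

Feeding real capture output into `find_cleartext_basic_auth` requires first splitting it into per-request records; any finding on the customer/vendor channel means the HTTPS/TLS workaround is not yet in effect.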
