CVE-2019-19104

9.1 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to access sensitive endpoints in ABB Telephone Gateway and Busch-Jaeger Telefon-Gateway devices by using specific URLs, bypassing authentication requirements. This can lead to information disclosure that may facilitate further attacks and privilege escalation. Organizations using ABB TG/S 3.2 or Busch-Jaeger 6186/11 Telefon-Gateway are affected.

💻 Affected Systems

Products:
  • ABB Telephone Gateway TG/S
  • Busch-Jaeger 6186/11 Telefon-Gateway
Versions: 3.2
Operating Systems: Embedded
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative access to the gateway, intercept communications, modify configurations, and use the device as a foothold for lateral movement within the network.

🟠 Likely Case

Unauthenticated attackers access sensitive configuration data, user information, or system logs that enable credential harvesting or privilege escalation attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the gateway device itself without compromising broader network resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of specific URLs and network access to the device. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available documentation

Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

1. Contact ABB/Busch-Jaeger support for the latest firmware.
2. Back up the current configuration.
3. Apply the firmware update following the vendor's instructions.
4. Verify that authentication is required for all endpoints.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate gateway devices from untrusted networks and restrict access to authorized IPs only.

Access Control Lists (applies to: all)

Implement firewall rules to block unauthorized access to gateway management interfaces.

🧯 If You Can't Patch

  • Segment gateway devices into an isolated VLAN with strict access controls
  • Implement network monitoring for unauthorized access attempts against gateway endpoints

🔍 How to Verify

Check if Vulnerable:

Attempt to access gateway management endpoints without authentication using the known vulnerable URLs; a response containing configuration or user data instead of an authentication challenge indicates the device is vulnerable.

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify that authentication is required for all management endpoints and that sensitive data cannot be retrieved without valid credentials.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to sensitive endpoints
  • Multiple failed authentication attempts followed by successful unauthenticated access

Network Indicators:

  • HTTP requests to sensitive endpoints without authentication headers
  • Unusual traffic patterns to gateway management interfaces

SIEM Query (generic pseudo-query; replace `gateway_ip` and `/sensitive/*` with the gateway's actual address and endpoint paths):

source_ip=* dest_ip=gateway_ip http_method=GET uri_path="/sensitive/*" auth_status="none"
