CVE-2021-27232

Опубликовано: 16 фев. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.

Ссылки

https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt
Exploit
Third Party Advisory
https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history
Vendor Advisory
https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt
Exploit
Third Party Advisory
https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pelco:digital_sentry_server:7.18.72.11464:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00691

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-w8j5-vv54-4f5v

github

больше 3 лет назад