CVE-2024-45175

Опубликовано: 05 сент. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server.

Ссылки

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt
Exploit
Vendor Advisory
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/21
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:c-mor:c-mor_video_surveillance:5.2401:*:*:*:*:*:*:*

cpe:2.3:a:c-mor:c-mor_video_surveillance:6.00:patch_level_01:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00866

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-cx8j-vf9x-758j