FKIE_CVE-2023-39435

Vulnerability from fkie_nvd - Published: 2023-11-08 23:15 - Updated: 2024-11-21 08:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
zavio cf7500_firmware m2.1.6.05
zavio cf7500 -
zavio cf7300_firmware m2.1.6.05
zavio cf7300 -
zavio cf7201_firmware m2.1.6.05
zavio cf7201 -
zavio cf7501_firmware m2.1.6.05
zavio cf7501 -
zavio cb3211_firmware m2.1.6.05
zavio cb3211 -
zavio cb3212_firmware m2.1.6.05
zavio cb3212 -
zavio cb5220_firmware m2.1.6.05
zavio cb5220 -
zavio cb6231_firmware m2.1.6.05
zavio cb6231 -
zavio b8520_firmware m2.1.6.05
zavio b8520 -
zavio b8220_firmware m2.1.6.05
zavio b8220 -
zavio cd321_firmware m2.1.6.05
zavio cd321 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "D543FC87-52FF-4BC4-BE57-949BB23D88AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F595D2-3CB4-4444-A01F-CE38CBE2D0DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA43E48-E3D0-4913-9040-BF11D9E61385",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B008EE1F-5B08-417A-8206-20F1362DB911",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6E3CDA-3C8B-4894-A42A-CFC5AA077047",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5240BE7-31E4-4A40-A480-E744E3CAEA3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF6549F-9E86-4B45-8B60-BB62BEB72B19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9285F916-50BE-4E41-8EF3-97D882B54CD6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7DBB50-D334-493F-B661-04C798383D29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C32A113-76F5-4EBD-BD15-EFBB17F0942C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "883549EB-5A5B-437E-8B10-D7C691142B92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC86EF14-298F-414E-8558-1D025CDF6057",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "C43C9ED3-167E-4424-841E-50A56FF398F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEC44B0-C2C7-4306-91CA-AA841B23498D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8483A6-426F-4595-8B7F-1FC04E9B31FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "766018BD-DD32-420A-9511-D97D9DE46BBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "779DE260-60AA-465E-957D-B7502E806863",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F60E1FE1-F2E8-4BF7-A33D-4ED4D72BF360",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AC7EEC-C4A5-4F79-9608-D02E29356217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8623A941-0514-49BD-967D-E347F6F99329",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "35DCACBC-6483-4113-BC77-041BE4D692F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E906053-BE44-45B4-AD08-D7DFCFD5EDF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 IP Cameras \n\nwith firmware version M2.1.6.05 are \nvulnerable to stack-based overflows. During the process of updating \ncertain settings sent from incoming network requests, the product does \nnot sufficiently check or validate allocated buffer size. This may lead \nto remote code execution.\n\n"
    },
    {
      "lang": "es",
      "value": "IP Cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220 y CD321 con versi\u00f3n de firmware M2.1.6.05 son vulnerables a desbordamientos basados en pila. Durante el proceso de actualizaci\u00f3n de ciertas configuraciones enviadas desde solicitudes de red entrantes, el producto no verifica ni valida suficientemente el tama\u00f1o del b\u00fafer asignado. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2023-39435",
  "lastModified": "2024-11-21T08:15:25.190",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-08T23:15:08.310",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.