github - ghsa-5346-4j79-hf8j

ghsa-5346-4j79-hf8j

Vulnerability from github

Published

2022-05-24 17:48

Modified

2022-05-24 17:48

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-522",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.",
  "id": "GHSA-5346-4j79-hf8j",
  "modified": "2022-05-24T17:48:18Z",
  "published": "2022-05-24T17:48:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27392"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-27392 (GCVE-0-2021-27392)

Vulnerability from cvelistv5

Published

2021-04-22 20:42

Modified

2024-08-03 20:48

Severity ?

CWE

CWE-321 - Use of Hard-coded Cryptographic Key

Summary

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf

x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens

Siveillance Video Open Network Bridge

Version: 2020 R3

Siemens	Siveillance Video Open Network Bridge	Version: 2020 R2
Siemens	Siveillance Video Open Network Bridge	Version: 2020 R1
Siemens	Siveillance Video Open Network Bridge	Version: 2019 R3
Siemens	Siveillance Video Open Network Bridge	Version: 2019 R2
Siemens	Siveillance Video Open Network Bridge	Version: 2019 R1
Siemens	Siveillance Video Open Network Bridge	Version: 2018 R3
Siemens	Siveillance Video Open Network Bridge	Version: 2018 R2

Show details on NVD website