var-201702-0672
Vulnerability from variot
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video insight web client",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "eq",
"trust": 0.9,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.8,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.6,
"vendor": "videoinsight",
"version": "\u003c=6.3.5.11"
},
{
"model": "web client",
"scope": "ne",
"trust": 0.3,
"vendor": "videoinsight",
"version": "6.3.6.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web client",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:videoinsight:web_client",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juan Pablo Lopez Yacubian",
"sources": [
{
"db": "BID",
"id": "95416"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00560",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5151",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5151",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5151",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5151",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5151",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-012-02",
"trust": 3.3
},
{
"db": "BID",
"id": "95416",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583",
"trust": 0.8
},
{
"db": "IVD",
"id": "88C02F99-1C14-4A12-9C8D-DCEDC79CE269",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"id": "VAR-201702-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
]
},
"last_update_date": "2024-11-23T22:59:21.919000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Web Client",
"trust": 0.8,
"url": "http://www.video-insight.com/web-client.php"
},
{
"title": "Web Client SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88117"
},
{
"title": "VideoInsight Web Client SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66987"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5151"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5151"
},
{
"trust": 0.3,
"url": "http://www.video-insight.com/web-client.php"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-12T00:00:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"date": "2017-02-13T21:59:02.627000",
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-23T06:06:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"date": "2024-11-21T03:27:09.487000",
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VideoInsight Web Client In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…