Lucene search

MitreCVE-2017-15290

HistoryOct 12, 2017 - 4:29 p.m.

CVE-2017-15290

2017-10-1216:29:00

CWE-319

mitre

web.nvd.nist.gov

cve-2017-15290

mirasys video management system

vms

data transfer

cleartext

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.7%

JSON

Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.

Affected configurations

Nvd

Node

mirasysvideo_management_systemMatch6.2.5

mirasysvideo_management_systemMatch7.0.1

mirasysvideo_management_systemMatch7.3.1

mirasysvideo_management_systemMatch7.3.3

mirasysvideo_management_systemMatch7.5.2

mirasysvideo_management_systemMatch7.5.3

mirasysvideo_management_systemMatch7.5.7

mirasysvideo_management_systemMatch7.5.11

mirasysvideo_management_systemMatch8.0.0

mirasysvideo_management_systemMatch8.1.0

VendorProductVersionCPE
mirasysvideo_management_system6.2.5cpe:2.3:a:mirasys:video_management_system:6.2.5:*:*:*:*:*:*:*
mirasysvideo_management_system7.0.1cpe:2.3:a:mirasys:video_management_system:7.0.1:*:*:*:*:*:*:*
mirasysvideo_management_system7.3.1cpe:2.3:a:mirasys:video_management_system:7.3.1:*:*:*:*:*:*:*
mirasysvideo_management_system7.3.3cpe:2.3:a:mirasys:video_management_system:7.3.3:*:*:*:*:*:*:*
mirasysvideo_management_system7.5.2cpe:2.3:a:mirasys:video_management_system:7.5.2:*:*:*:*:*:*:*
mirasysvideo_management_system7.5.3cpe:2.3:a:mirasys:video_management_system:7.5.3:*:*:*:*:*:*:*
mirasysvideo_management_system7.5.7cpe:2.3:a:mirasys:video_management_system:7.5.7:*:*:*:*:*:*:*
mirasysvideo_management_system7.5.11cpe:2.3:a:mirasys:video_management_system:7.5.11:*:*:*:*:*:*:*
mirasysvideo_management_system8.0.0cpe:2.3:a:mirasys:video_management_system:8.0.0:*:*:*:*:*:*:*
mirasysvideo_management_system8.1.0cpe:2.3:a:mirasys:video_management_system:8.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mirasys	video_management_system	6.2.5	cpe:2.3:a:mirasys:video_management_system:6.2.5:::::::*
mirasys	video_management_system	7.0.1	cpe:2.3:a:mirasys:video_management_system:7.0.1:::::::*
mirasys	video_management_system	7.3.1	cpe:2.3:a:mirasys:video_management_system:7.3.1:::::::*
mirasys	video_management_system	7.3.3	cpe:2.3:a:mirasys:video_management_system:7.3.3:::::::*
mirasys	video_management_system	7.5.2	cpe:2.3:a:mirasys:video_management_system:7.5.2:::::::*
mirasys	video_management_system	7.5.3	cpe:2.3:a:mirasys:video_management_system:7.5.3:::::::*
mirasys	video_management_system	7.5.7	cpe:2.3:a:mirasys:video_management_system:7.5.7:::::::*
mirasys	video_management_system	7.5.11	cpe:2.3:a:mirasys:video_management_system:7.5.11:::::::*
mirasys	video_management_system	8.0.0	cpe:2.3:a:mirasys:video_management_system:8.0.0:::::::*
mirasys	video_management_system	8.1.0	cpe:2.3:a:mirasys:video_management_system:8.1.0:::::::*

References

ipvm.com/forums/video-surveillance/topics/mirasys-happy-with-bad-security-unless-hit-with-bad-press

www.dropbox.com/s/un43q74ie55wtpe/mirasys-vms-leak-2017.zip?dl=1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.7%

JSON

Related for CVE-2017-15290