Lucene search

[email protected]CVE-2019-12727

HistoryJun 04, 2019 - 1:29 p.m.

CVE-2019-12727

2019-06-0413:29:00

CWE-125

[email protected]

web.nvd.nist.gov

110

ubiquiti

aircam

3.1.4

cve-2019-12727

denial of service

rtsp service

nvd

vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.3%

JSON

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers.

Affected configurations

NVD

Node

uiaircam_firmwareMatch3.1.4

AND

uiaircamMatch-

CPENameOperatorVersion
ui:aircam_firmwareui aircam firmwareeq3.1.4

CPE	Name	Operator	Version
ui:aircam_firmware	ui aircam firmware	eq	3.1.4

References

github.com/X-C3LL/PoC-CVEs/blob/master/Aircam-DoS/Aircam-DoS.py

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for CVE-2019-12727

nvd1 prion1 cvelist1