Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-5994
HistoryAug 06, 2019 - 7:15 p.m.

CVE-2019-5994

2019-08-0619:15:13
CWE-119
[email protected]
web.nvd.nist.gov
28
cve-2019-5994
buffer overflow
eos series
digital cameras
powershot
remote attack
arbitrary code execution
ptp
nvd

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via SendObjectInfo command.

Affected configurations

NVD
Node
canoneos-1d_x_firmwareRange≀2.1.0
AND
canoneos-1d_xMatch-
Node
canoneos-1d_x_mkii_firmwareRange≀1.1.6
AND
canoneos-1d_x_mkiiMatch-
Node
canoneos-1d_c_firmwareRange≀1.4.1
AND
canoneos-1d_cMatch-
Node
canoneos_5d_mark_iii_firmwareRange≀1.3.5
AND
canoneos_5d_mark_iiiMatch-
Node
canoneos_5d_mark_iv_firmwareRange≀1.2.0
AND
canoneos_5d_mark_ivMatch-
Node
canoneos_5ds_firmwareRange≀1.1.2
AND
canoneos_5dsMatch-
Node
canoneos_5ds_r_firmwareRange≀1.1.2
AND
canoneos_5ds_rMatch-
Node
canoneos_6d_firmwareRange≀1.1.8
AND
canoneos_6dMatch-
Node
canoneos_7d_mark_ii_firmwareRange≀1.1.2
AND
canoneos_7d_mark_iiMatch-
Node
canoneos_70d_firmwareRange≀1.1.2
AND
canoneos_70dMatch-
Node
canoneos_80d_firmwareRange≀1.0.2
AND
canoneos_80dMatch-
Node
canoneos_kiss_x7i_firmwareRange≀1.1.5
AND
canoneos_kiss_x7iMatch-
Node
canoneos_d_rebel_t5i_firmwareRange≀1.1.5
AND
canoneos_d_rebel_t5iMatch-
Node
canoneos_700d_firmwareRange≀1.1.5
AND
canoneos_700dMatch-
Node
canoneos_kiss_x8i_firmwareRange≀1.0.0
AND
canoneos_kiss_x8iMatch-
Node
canoneos_d_rebel_t6iMatch-
AND
canoneos_d_rebel_t6i_firmwareRange≀1.0.0
Node
canoneos_750dMatch-
AND
canoneos_750d_firmwareRange≀1.0.0
Node
canoneos_kiss_x9iMatch-
AND
canoneos_kiss_x9i_firmwareRange≀1.0.1
Node
canoneos_d_rebel_t7iMatch-
AND
canoneos_d_rebel_t7i_firmwareRange≀1.0.1
Node
canoneos_800dMatch-
AND
canoneos_800d_firmwareRange≀1.0.1
Node
canoneos_kiss_x7Match-
AND
canoneos_kiss_x7_firmwareRange≀1.0.1
Node
canoneos_d_rebel_sl1Match-
AND
canoneos_d_rebel_sl1_firmwareRange≀1.0.1
Node
canoneos_100d_firmwareRange≀1.0.1
AND
canoneos_100dMatch-
Node
canoneos_kiss_x9_firmwareRange≀1.0.1
AND
canoneos_kiss_x9Match-
Node
canoneos_d_rebel_sl2_firmwareRange≀1.0.1
AND
canoneos_d_rebel_sl2Match-
Node
canoneos_200d_firmwareRange≀1.0.1
AND
canoneos_200dMatch-
Node
canoneos_kiss_x10_firmwareRange≀1.0.1
AND
canoneos_kiss_x10Match-
Node
canoneos_d_rebel_sl3_firmwareRange≀1.0.1
AND
canoneos_d_rebel_sl3Match-
Node
canoneos_200d_firmwareRange≀1.0.1
AND
canoneos_200dMatch-
Node
canoneos_250d_firmwareRange≀1.0.1
AND
canoneos_250dMatch-
Node
canoneos_8000d_firmwareRange≀1.0.0
AND
canoneos_8000dMatch-
Node
canoneos_d_rebel_t6s_firmwareRange≀1.0.0
AND
canoneos_d_rebel_t6sMatch-
Node
canoneos_760d_firmwareRange≀1.0.0
AND
canoneos_760dMatch-
Node
canoneos_9000d_firmwareRange≀1.0.2
AND
canoneos_9000dMatch-
Node
canoneos_77d_firmwareRange≀1.0.2
AND
canoneos_77dMatch-
Node
canoneos_kiss_x70_firmwareRange≀1.0.2
AND
canoneos_kiss_x70Match-
Node
canoneos_d_rebel_t5_firmwareRange≀1.0.2
AND
canoneos_d_rebel_t5Match-
Node
canoneos_1200d_firmwareRange≀1.0.2
AND
canoneos_1200dMatch-
Node
canoneos_d_rebel_t5_re_firmwareRange≀1.0.2
AND
canoneos_d_rebel_t5_reMatch-
Node
canoneos_1200d_mg_firmwareRange≀1.0.2
AND
canoneos_1200d_mgMatch-
Node
canoneos_hi_firmwareRange≀1.0.2
AND
canoneos_hiMatch-
Node
canoneos_kiss_x80_firmwareRange≀1.1.0
AND
canoneos_kiss_x80Match-
Node
canoneos_d_rebel_t6_firmwareRange≀1.1.0
AND
canoneos_d_rebel_t6Match-
Node
canoneos_1300d_firmwareRange≀1.1.0
AND
canoneos_1300dMatch-
Node
canoneos_kiss_x90_firmwareRange≀1.0.0
AND
canoneos_kiss_x90Match-
Node
canoneos_d_rebel_t7_firmwareRange≀1.0.0
AND
canoneos_d_rebel_t7Match-
Node
canoneos_1500d_firmwareRange≀1.0.0
AND
canoneos_1500dMatch-
Node
canoneos_2000d_firmwareRange≀1.0.0
AND
canoneos_2000dMatch-
Node
canoneos_d_rebel_t100_firmwareRange≀1.0.0
AND
canoneos_d_rebel_t100Match-
Node
canoneos_3000d_firmwareRange≀1.0.0
AND
canoneos_3000dMatch-
Node
canoneos_4000d_firmwareRange≀1.0.0
AND
canoneos_4000dMatch-
Node
canoneos_r_firmwareRange≀1.3.0
AND
canoneos_rMatch-
Node
canoneos_rp_firmwareRange≀1.2.0
AND
canoneos_rpMatch-
Node
canoneos_rp_gold_firmwareRange≀1.2.0
AND
canoneos_rp_goldMatch-
Node
canoneos_m2_firmwareRange≀1.0.3
AND
canoneos_m2Match-
Node
canoneos_m3_firmwareRange≀1.2.0
AND
canoneos_m3Match-
Node
canoneos_m5_firmwareRange≀1.0.1
AND
canoneos_m5Match-
Node
canoneos_m6_firmwareRange≀1.0.1
AND
canoneos_m6Match-
Node
canoneos_m6\(china\)_firmwareRange≀5.0.0
AND
canoneos_m6\(china\)Match-
Node
canoneos_m10_firmwareRange≀1.1.0
AND
canoneos_m10Match-
Node
canoneos_m100_firmwareRange≀1.0.0
AND
canoneos_m100Match-
Node
canoneos_kiss_m_firmwareRange≀1.0.2
AND
canoneos_kiss_mMatch-
Node
canoneos_m50_firmwareRange≀1.0.2
AND
canoneos_m50Match-
Node
canonpowershot_sx740_hs_firmwareRange≀1.0.1
AND
canonpowershot_sx740_hsMatch-
Node
canonpowershot_sx70_hs_firmwareRange≀1.1.0
AND
canonpowershot_sx70_hsMatch-
Node
canonpowershot_g5xmark_ii_firmwareRange≀1.0.1
AND
canonpowershot_g5xmark_iiMatch-
Node
canoneos_6d_mark_ii_firmwareRange≀1.0.4
AND
canoneos_6d_mark_iiMatch-

CNA Affected

[
  {
    "product": "EOS series digital cameras, PowerShot SX740 HS,  PowerShot SX70 HS, and PowerShot G5Xmarkβ…‘",
    "vendor": "Canon, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "(EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D RE ...[truncated*]"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
checkpoint_advisories 1
thn 1
threatpost 1
prion
prion
Buffer overflow
2019-08-06 19:15:00
nvd
nvd
CVE-2019-5994
2019-08-06 19:15:13
cvelist
cvelist
CVE-2019-5994
2019-08-06 18:41:11
checkpoint_advisories
checkpoint_advisories
DSLR Cameras PTP/IP Multiple Buffer Overflow Vulnerabilities (CVE-2019-5994; CVE-2019-5999; CVE-2019-6000)
2019-08-06 00:00:00
thn
thn
Canon DSLR Cameras Can Be Hacked With Ransomware Remotely
2019-08-12 08:25:00
threatpost
threatpost
DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR
2019-08-11 18:00:37

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON
Related for CVE-2019-5994
prion1nvd1cvelist1checkpoint_advisories1thn1threatpost1