Lucene search

[email protected]CVE-2020-27541

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-27541

2021-01-2618:15:46

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-27541

rostelecom

cs-c2shw

denial of service

vulnerability

nvd

agentgreen

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.6%

JSON

Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.

Affected configurations

NVD

Node

companycs-c2shwMatch-

AND

companycs-c2shw_firmwareMatch5.0.082.1

CPENameOperatorVersion
company:cs-c2shw_firmwarecompany cs-c2shw firmwareeq5.0.082.1

CPE	Name	Operator	Version
company:cs-c2shw_firmware	company cs-c2shw firmware	eq	5.0.082.1

References

dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2020-27541

cvelist1 nvd1 prion1