Lucene search

Japan Vulnerability NotesJVN:42252698

HistoryFeb 04, 2021 - 12:00 a.m.

JVN#42252698: Panasonic Video Insight VMS vulnerable to arbitrary code execution

2021-02-0400:00:00

Japan Vulnerability Notes

jvn.jp

panasonic video insight

code execution

unencrypted communication

vulnerability

non-well known ports

software update

remote attacker

system user privilege

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.7%

JSON

Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94) because unencrypted communication exists in the communication using non-well known ports.

Impact

By sending a specially crafted request to the vulnerable product, a remoto attacker may execute arbitrary code with the system user privilege.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Products Affected

Video Insight VMS versions prior to 7.8

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.7%

JSON

Related for JVN:42252698