CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.2%
ZoneMinder is prone to an object injection vulnerability.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.112470");
script_version("2023-07-20T05:05:18+0000");
script_tag(name:"last_modification", value:"2023-07-20 05:05:18 +0000 (Thu, 20 Jul 2023)");
script_tag(name:"creation_date", value:"2018-12-21 15:31:10 +0100 (Fri, 21 Dec 2018)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_cve_id("CVE-2018-1000832", "CVE-2018-1000833");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("ZoneMinder < 1.32.3 Object Injection Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_zoneminder_detect.nasl");
script_mandatory_keys("zoneminder/installed");
script_tag(name:"summary", value:"ZoneMinder is prone to an object injection vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"PHP Object Deserialization Injection attacks utilise the unserialize
function within PHP. The deserialisation of the PHP object can trigger certain methods within the object,
allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc.
The ZoneMinder project overly trusted user input when processing the data obtained from a form.");
script_tag(name:"impact", value:"Successful exploitation would allow an attacker to perform unauthorised operating system commands on the target server.");
script_tag(name:"affected", value:"ZoneMinder through version 1.32.2.");
script_tag(name:"solution", value:"Update to ZoneMinder version 1.32.3 or later.");
script_xref(name:"URL", value:"https://github.com/ZoneMinder/zoneminder/releases");
script_xref(name:"URL", value:"https://0dd.zone/2018/10/28/zoneminder-Object-Injection/");
script_xref(name:"URL", value:"https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/");
script_xref(name:"URL", value:"https://github.com/ZoneMinder/zoneminder/issues/2271");
script_xref(name:"URL", value:"https://github.com/ZoneMinder/zoneminder/issues/2272");
exit(0);
}
CPE = "cpe:/a:zoneminder:zoneminder";
include("host_details.inc");
include("version_func.inc");
if(!port = get_app_port(cpe: CPE))
exit(0);
if(!version = get_app_version(cpe: CPE, port: port))
exit(0);
if(version_is_less(version: version, test_version: "1.32.3")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.32.3");
security_message(port: port, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.2%