5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
46.4%
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.
Ocularis Recorder 5.5.0.242
7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-250 - Execution with Unnecessary Privileges
This binary listens for incoming TCP connections. When a client connects to this binary and sends any non expected data, the binary will respond with βHello World!β. If the server receives the dispose command it will terminate the VMS_VA process.
this.tcpListener = new TcpListener(IPAddress.Any, 60801 + ConfigID);
Thread thread = new Thread(new ThreadStart(this.ListenForClients))
{
Name = "VA CommServer V4 Listener"
};
..........
if (str.StartsWith("dispose"))
{
this.Running = false;
bytes = Encoding.Default.GetBytes("Ack!");
}
The binary has a check to see if the receiving data starts with βdisposeβ. If it does the βthis.Runningβ variable will be set to false which results in the process killing itself. There is no authentication required for this command to go through.
N/A
$ echo "dispose" | nc -nv 192.168.56.102 60801
192.168.56.102 60801 open
Ack!
This vulnerability can be mitigated by not allowing VMS_VA.exe from accepting inbound connections. It is unclear if this will have any adverse affect on the Ocularis Recorder module as the product documentation explicitly states to allow inbound traffic to this binary.
2018-03-05 - Vendor Disclosure
2018-06-04 - Public Release
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
46.4%