Vulnerability Spotlight: Multiple Vulnerabilities in Sony IPELA E Series Camera

Vulnerabilities discovered by Cory Duplantis and Claudio Bozzato of Cisco Talos.

Overview

Today, Cisco Talos is disclosing several vulnerabilities discovered with the Sony IPELA E Series Network Camera. Sony IPELA Cameras are network-facing cameras used for monitoring and surveillance.

TALOS-2018-0604 - Sony IPELA E Series Camera measurementBitrateExec Command Injection Vulnerability (CVE-2018-3937)

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. Detailed vulnerability information can be found here.

TALOS-2018-0605 - Sony IPELA E Series Camera 802dot1xclientcert Remote Code Execution Vulnerability (CVE-2018-3938)

An exploitable stack buffer overflow vulnerability exists in the “802dot1xclientcert.cgi” functionality of Sony IPELA E Series Camera. A specially crafted POST request can cause a stack buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. Detailed vulnerability information can be found here.

Tested Versions:

Sony IPELA E series G5 firmware 1.87.00

Coverage

The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rules: 46867-46869, 46877

For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: <http://www.talosintelligence.com/vulnerability-reports/&gt;

To review our Vulnerability Disclosure Policy, please visit this site:
<http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html&gt;