Description
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder
through 1.32.3 as a session remains active for an authenticated user even
after deletion from the users table. This allows a nonexistent user to
access and modify records (add/delete Monitors, Users, etc.).
Affected Package
Related
{"id": "UB:CVE-2019-7347", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2019-7347", "description": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder\nthrough 1.32.3 as a session remains active for an authenticated user even\nafter deletion from the users table. This allows a nonexistent user to\naccess and modify records (add/delete Monitors, Users, etc.).", "published": "2019-02-04T00:00:00", "modified": "2019-02-04T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.0}, "severity": "MEDIUM", "exploitabilityScore": 6.8, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://ubuntu.com/security/CVE-2019-7347", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347", "https://github.com/ZoneMinder/zoneminder/issues/2476", "https://nvd.nist.gov/vuln/detail/CVE-2019-7347", "https://launchpad.net/bugs/cve/CVE-2019-7347", "https://security-tracker.debian.org/tracker/CVE-2019-7347"], "cvelist": ["CVE-2019-7347"], "immutableFields": [], "lastseen": "2023-01-27T14:00:10", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-7347"]}, {"type": "cnvd", "idList": ["CNVD-2022-57812"]}, {"type": "cve", "idList": ["CVE-2019-7347"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-7347"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112506"]}, {"type": "veracode", "idList": ["VERACODE:32309"]}]}, "score": {"value": 4.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-7347"]}, {"type": "cve", "idList": ["CVE-2019-7347"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-7347"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112506"]}]}, "exploitation": null, "vulnersScore": 4.8}, "_state": {"dependencies": 1674828322, "score": 1674830054}, "_internal": {"score_hash": "de29d365b17c7f5daf6f7987bdf696d3"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "zoneminder"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "zoneminder"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "zoneminder"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "zoneminder"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "zoneminder"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "zoneminder"}], "bugs": []}
{"veracode": [{"lastseen": "2022-07-17T12:52:56", "description": "zoneminder is vulnerable to privilege escalation. The vulnerability exists due to a Time-of-check Time-of-use (TOCTOU) Race Condition.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-30T05:57:26", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7347"], "modified": "2022-04-19T18:32:41", "id": "VERACODE:32309", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32309/summary", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2021-10-20T20:34:22", "description": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-04T19:29:00", "type": "alpinelinux", "title": "CVE-2019-7347", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7347"], "modified": "2020-08-24T17:37:00", "id": "ALPINE:CVE-2019-7347", "href": "https://security.alpinelinux.org/vuln/CVE-2019-7347", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-11-28T06:11:31", "description": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-04T19:29:00", "type": "debiancve", "title": "CVE-2019-7347", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7347"], "modified": "2019-02-04T19:29:00", "id": "DEBIANCVE:CVE-2019-7347", "href": "https://security-tracker.debian.org/tracker/CVE-2019-7347", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-24T00:28:17", "description": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-04T19:29:00", "type": "cve", "title": "CVE-2019-7347", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7347"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:zoneminder:zoneminder:1.32.3"], "id": "CVE-2019-7347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7347", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*"]}], "cnvd": [{"lastseen": "2022-08-19T17:06:03", "description": "ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A competing condition vulnerability exists in ZoneMinder 1.32.3 and prior versions, which can be exploited by remote attackers to access and modify records.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T00:00:00", "type": "cnvd", "title": "ZoneMinder Competition Conditions Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7347"], "modified": "2022-08-19T00:00:00", "id": "CNVD-2022-57812", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-57812", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-02-07T15:46:53", "description": "ZoneMinder is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-02-05T00:00:00", "type": "openvas", "title": "ZoneMinder < 1.34.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7345", "CVE-2019-7336", "CVE-2019-7344", "CVE-2019-7350", "CVE-2019-7328", "CVE-2019-7347", "CVE-2019-7351", "CVE-2019-7348", "CVE-2019-7338", "CVE-2019-7334", "CVE-2019-7337", "CVE-2019-7335", "CVE-2019-7327", "CVE-2019-7333", "CVE-2019-7342", "CVE-2019-7340", "CVE-2019-7326", "CVE-2019-7341", "CVE-2019-7330", "CVE-2019-7352", "CVE-2019-7346", "CVE-2019-7329", "CVE-2019-7339", "CVE-2019-7349", "CVE-2019-7325", "CVE-2019-7343", "CVE-2019-7331", "CVE-2019-7332"], "modified": "2020-02-06T00:00:00", "id": "OPENVAS:1361412562310112506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112506", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112506\");\n script_version(\"2020-02-06T16:43:19+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-06 16:43:19 +0000 (Thu, 06 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-05 11:16:13 +0100 (Tue, 05 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-7325\", \"CVE-2019-7326\", \"CVE-2019-7327\", \"CVE-2019-7328\", \"CVE-2019-7329\",\n \"CVE-2019-7330\", \"CVE-2019-7331\", \"CVE-2019-7332\", \"CVE-2019-7333\", \"CVE-2019-7334\", \"CVE-2019-7335\",\n \"CVE-2019-7336\", \"CVE-2019-7337\", \"CVE-2019-7338\", \"CVE-2019-7339\", \"CVE-2019-7340\", \"CVE-2019-7341\",\n \"CVE-2019-7342\", \"CVE-2019-7343\", \"CVE-2019-7344\", \"CVE-2019-7345\", \"CVE-2019-7346\", \"CVE-2019-7347\",\n \"CVE-2019-7348\", \"CVE-2019-7349\", \"CVE-2019-7350\", \"CVE-2019-7351\", \"CVE-2019-7352\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ZoneMinder < 1.34.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_zoneminder_detect.nasl\");\n script_mandatory_keys(\"zoneminder/installed\");\n\n script_tag(name:\"summary\", value:\"ZoneMinder is prone to multiple vulnerabilities.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Multiple self-stored, reflected and POST cross-site scripting (XSS) vulnerabilities.\n\n - Session fixation.\n\n - Cross-site request forgery.\n\n - Log injection.\n\n - A Time-of-check Time-of-use (TOCTOU) race condition.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to execute\n HTML or JavaScript code via multiple parameters, to access and modify records (add/delete Monitors, Users, etc.),\n to inject log messages, to hijack another user's account or to have other unspecified impact on the application and its host system.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Update to ZoneMinder version 1.34.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/ZoneMinder/zoneminder/releases\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:zoneminder:zoneminder\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif(version_is_less(version: version, test_version: \"1.34.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.34.0\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2019-7347
