CVE-2015-4464 - OpenCVE

Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Kguardsecurity	Kg-sha108 Firmware Kg-sha108 Kg-sha104 Kg-sha104 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kguardsecurity:kg-sha104_firmware:2.0:*:*:*:*:*:*:*

cpe:2.3:h:kguardsecurity:kg-sha104:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:kguardsecurity:kg-sha108_firmware:2.0:*:*:*:*:*:*:*

cpe:2.3:h:kguardsecurity:kg-sha108:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/535822/100/0/threaded
http://www.securityfocus.com/bid/73032	Third Party Advisory VDB Entry
https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-18T18:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2015-06-10T00:00:00

Link: CVE-2015-4464

JSON object: View

NVD Information

Status : Modified

Published: 2017-08-18T18:29:01.000

Modified: 2018-10-09T19:57:09.360

Link: CVE-2015-4464

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html"}, {"name": "20150624 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/535822/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities"}, {"name": "73032", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73032"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4464", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html"}, {"name": "20150624 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/535822/100/0/threaded"}, {"name": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities", "refsource": "MISC", "url": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities"}, {"name": "73032", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73032"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4464", "datePublished": "2017-08-18T18:00:00", "dateReserved": "2015-06-10T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kguardsecurity:kg-sha104_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "332627AE-1D1A-46DD-A2B1-9DD85F400486", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kguardsecurity:kg-sha104:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AAD62D9-B1A6-41FF-9AA8-423ACDEC0C88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kguardsecurity:kg-sha108_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "259AA789-26EA-4F5A-BD98-D78F3DBB24F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kguardsecurity:kg-sha108:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF27761A-A8F0-475C-948D-69F95E837FE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server."}, {"lang": "es", "value": "Kguard Digital Video Recorder 104, 108, v2 no cuenta con ning\u00fan tipo de autorizaci\u00f3n o autenticaci\u00f3n entre un cliente ActiveX y el servidor de aplicaci\u00f3n."}], "id": "CVE-2015-4464", "lastModified": "2018-10-09T19:57:09.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-18T18:29:01.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/132437/Kguard-Digital-Video-Recorder-Bypass-Issues.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/535822/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73032"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}