CVE-2019-12502 - OpenCVE

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mobotix	S14 Firmware S14

Configuration 1 [-]

AND

cpe:2.3:o:mobotix:s14_firmware:mx-v4.2.1.61:*:*:*:*:*:*:*

cpe:2.3:h:mobotix:s14:-:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/llandeilocymro/55a61e3730cdef56ab5806a677ba0891	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-31T12:04:55

Updated: 2019-05-31T12:04:55

Reserved: 2019-05-31T00:00:00

Link: CVE-2019-12502

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-31T13:29:00.333

Modified: 2019-05-31T14:43:29.997

Link: CVE-2019-12502

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mobotix:s14_firmware:mx-v4.2.1.61:*:*:*:*:*:*:*", "matchCriteriaId": "5E859EE3-090C-4C96-BF85-68516E6C1DA9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mobotix:s14:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF06EAA7-96C8-45DE-B439-C1315A7B897B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI."}, {"lang": "es", "value": "hay una ausencia de contramedidas para vulnerabilidad de tipo CSRF en las c\u00e1maras MOBOTIX S14 MX- versi\u00f3n V4.2.1.61, como es demostrado al agregar una cuenta de administrador mediante el archivo URI /admin/access."}], "id": "CVE-2019-12502", "lastModified": "2019-05-31T14:43:29.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-31T13:29:00.333", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/llandeilocymro/55a61e3730cdef56ab5806a677ba0891"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}