CVE-2022-4621 - OpenCVE

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Panasonic	Vcc-hd3300p Vcc-hd2100p Vcc-hd2100p Firmware Vcc-hd3300 Vcc-hd3100p Firmware Vcc-hd3300p Firmware Vcc-hd3100p Vcc-hd5600p Firmware Vcc-hd3300 Firmware Vcc-hd5600p

Configuration 1 [-]

AND

cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:::::::*
	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:::::::*

cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*

References

Link	Resource
https://archives.connect.panasonic.com/security/sanyo/index.html	Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-17T16:36:58.518Z

Updated:

Reserved: 2022-12-20T20:32:16.035Z

Link: CVE-2022-4621

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-17T17:15:11.730

Modified: 2023-11-07T03:58:22.430

Link: CVE-2022-4621

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-4621", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-12-20T20:32:16.035Z", "datePublished": "2023-01-17T16:36:58.518Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sanyo CCTV Network Camera", "vendor": "Panasonic", "versions": [{"status": "affected", "version": "VCC-HD5600P version 2.03-06 "}, {"status": "affected", "version": "VDC-HD3300P version 2.03-08 "}, {"status": "affected", "version": "VDC-HD3300P version 1.02-05 "}, {"status": "affected", "version": "VCC-HD3300 version 2.03-02 "}, {"status": "affected", "version": "VDC-HD3100P version 2.03-00 "}, {"status": "affected", "version": "VCC-HD2100P version 2.03-02 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gjoko Krstic of Zero Science Lab"}], "datePublic": "2023-01-12T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nPanasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n<p></p>"}], "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-17T16:36:58.518Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Panasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://archives.connect.panasonic.com/security/sanyo/index.html\">advisory</a><span style=\"background-color: rgb(255, 255, 255);\">. All repair requests and other support requests via email or phone will be available.</span>\n\n<br>"}], "value": "\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory https://archives.connect.panasonic.com/security/sanyo/index.html . All repair requests and other support requests via email or phone will be available.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Panasonic Sanyo CCTV Network Camera", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*", "matchCriteriaId": "6092D5A0-D160-419D-9331-474596BDC352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEEE23B6-A8AF-4DFE-8DA4-7F1D8866204E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:*:*:*:*:*:*:*", "matchCriteriaId": "4FACF605-7033-4B1A-9BEA-EB73FAC16701", "vulnerable": true}, {"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:*:*:*:*:*:*:*", "matchCriteriaId": "5D068E9E-EF01-4054-A3E5-DEB3D2F88483", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47AC573-A35B-4643-A768-6BA516FFC915", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "0C8B7EDD-1958-4502-84EA-40AA4D6A7EFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F45BFB2-D9FE-4E19-A93C-C527B249421A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "175E7140-7D6E-4875-97D1-76F89F0DD0BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB1D22-E611-4C6D-9208-82E5BD18C4E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*", "matchCriteriaId": "348D6672-A6C5-4C69-B1A6-BC4B8DD3D2C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7FEAB1E-2A1F-45F8-B317-CBBE242FFD03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}, {"lang": "es", "value": "Las c\u00e1maras de red Panasonic Sanyo CCTV en las versiones 1.02-05 y 2.03-0x son vulnerables a CSRF que pueden explotarse permitiendo que un atacante realice cambios con privilegios de nivel de administrador."}], "id": "CVE-2022-4621", "lastModified": "2023-11-07T03:58:22.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-01-17T17:15:11.730", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}