Lucene search

[email protected]CVE-2019-12502

HistoryMay 31, 2019 - 1:29 p.m.

CVE-2019-12502

2019-05-3113:29:00

CWE-352

[email protected]

web.nvd.nist.gov

134

mobotix

s14

mx-v4.2.1.61

cameras

csrf

countermeasures

cve-2019-12502

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.

Affected configurations

NVD

Node

mobotixs14Match-

AND

mobotixs14_firmwareMatchmx-v4.2.1.61

CPENameOperatorVersion
mobotix:s14_firmwaremobotix s14 firmwareeqmx-v4.2.1.61

CPE	Name	Operator	Version
mobotix:s14_firmware	mobotix s14 firmware	eq	mx-v4.2.1.61

References

gist.github.com/llandeilocymro/55a61e3730cdef56ab5806a677ba0891

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for CVE-2019-12502

prion1 cvelist1 nvd1 nessus1