Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-26035
HistoryFeb 25, 2023 - 2:15 a.m.

CVE-2023-26035

2023-02-2502:15:13
Google
osv.dev
6
zoneminder
remote code execution
unauthenticated
vulnerability
linux
cctv
ip cameras
usb cameras
analog cameras

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

Related

alpinelinux 1
rapid7blog 1
prion 1
cve 1
zdt 2
packetstorm 2
nuclei 1
cvelist 1
debiancve 1
githubexploit 5
ubuntucve 1
veracode 1
nvd 1
metasploit 1
exploitdb 1
openvas 1
alpinelinux
alpinelinux
CVE-2023-26035
2023-02-25 02:15:13
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-11-17 18:41:17
prion
prion
Remote code execution
2023-02-25 02:15:00
cve
cve
CVE-2023-26035
2023-02-25 02:15:13
zdt
zdt
ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit
2024-03-18 00:00:00
ZoneMinder Snapshots Command Injection Exploit
2023-11-14 00:00:00
packetstorm
packetstorm
ZoneMinder Snapshots Command Injection
2023-11-14 00:00:00
ZoneMinder Snapshots Remote Code Execution
2024-03-19 00:00:00
nuclei
nuclei
ZoneMinder Snapshots - Command Injection
2023-12-19 16:43:11
cvelist
cvelist
CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization
2023-02-25 01:07:01
debiancve
debiancve
CVE-2023-26035
2023-02-25 02:15:13
githubexploit
githubexploit
Exploit for Missing Authorization in Zoneminder
2023-12-12 14:44:19
Exploit for Missing Authorization in Zoneminder
2023-12-11 19:23:13
Exploit for Missing Authorization in Zoneminder
2023-12-13 15:40:24
ubuntucve
ubuntucve
CVE-2023-26035
2023-02-25 00:00:00
veracode
veracode
Authentication Bypass
2023-03-09 09:24:25
nvd
nvd
CVE-2023-26035
2023-02-25 02:15:13
metasploit
metasploit
ZoneMinder Snapshots Command Injection
2023-10-06 16:47:30
exploitdb
exploitdb
ZoneMinder Snapshots &lt; 1.37.33 - Unauthenticated RCE
2024-03-18 00:00:00
openvas
openvas
ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities
2023-02-27 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON
Related for OSV:CVE-2023-26035
alpinelinux1rapid7blog1prion1cve1zdt2packetstorm2nuclei1cvelist1debiancve1githubexploit5ubuntucve1veracode1nvd1metasploit1exploitdb1openvas1