Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-26035
HistoryFeb 25, 2023 - 12:00 a.m.

CVE-2023-26035

2023-02-2500:00:00
ubuntu.com
ubuntu.com
12
zoneminder
remote code execution
vulnerability
unauthenticated
authorization
permission check
linux
cctv
software
ip
usb
analog cameras
shell_exec
cve-2023-26035

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.969

Percentile

99.7%

JSON

ZoneMinder is a free, open source Closed-circuit television software
application for Linux which supports IP, USB and Analog cameras. Versions
prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code
Execution via Missing Authorization. There are no permissions check on the
snapshot action, which expects an id to fetch an existing monitor but can
be passed an object to create a new one instead. TriggerOn ends up calling
shell_exec using the supplied Id. This issue is fixed in This issue is
fixed in versions 1.36.33 and 1.37.33.

Related

alpinelinux 1
rapid7blog 1
packetstorm 2
githubexploit 5
prion 1
cve 1
zdt 2
nuclei 1
debiancve 1
cvelist 1
veracode 1
osv 1
nvd 1
metasploit 1
exploitdb 1
openvas 1
alpinelinux
alpinelinux
CVE-2023-26035
2023-02-25 02:15:13
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-11-17 18:41:17
packetstorm
packetstorm
ZoneMinder Snapshots Remote Code Execution
2024-03-19 00:00:00
ZoneMinder Snapshots Command Injection
2023-11-14 00:00:00
githubexploit
githubexploit
Exploit for Missing Authorization in Zoneminder
2023-12-11 19:23:13
Exploit for Missing Authorization in Zoneminder
2023-12-12 14:44:19
Exploit for Missing Authorization in Zoneminder
2023-12-13 15:40:24
prion
prion
Remote code execution
2023-02-25 02:15:00
cve
cve
CVE-2023-26035
2023-02-25 02:15:13
zdt
zdt
ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit
2024-03-18 00:00:00
ZoneMinder Snapshots Command Injection Exploit
2023-11-14 00:00:00
nuclei
nuclei
ZoneMinder Snapshots - Command Injection
2023-12-19 16:43:11
debiancve
debiancve
CVE-2023-26035
2023-02-25 02:15:13
cvelist
cvelist
CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization
2023-02-25 01:07:01
veracode
veracode
Authentication Bypass
2023-03-09 09:24:25
osv
osv
CVE-2023-26035
2023-02-25 02:15:13
nvd
nvd
CVE-2023-26035
2023-02-25 02:15:13
metasploit
metasploit
ZoneMinder Snapshots Command Injection
2023-10-06 16:47:30
exploitdb
exploitdb
ZoneMinder Snapshots &lt; 1.37.33 - Unauthenticated RCE
2024-03-18 00:00:00
openvas
openvas
ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities
2023-02-27 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.969

Percentile

99.7%

JSON
Related for UB:CVE-2023-26035
alpinelinux1rapid7blog1packetstorm2githubexploit5prion1cve1zdt2nuclei1debiancve1cvelist1veracode1osv1nvd1metasploit1exploitdb1openvas1