CVE-2022-3001

EPSS 1.01%
Veröffentlicht 15.09.2022 15:15:10
Zuletzt bearbeitet 21.11.2024 07:18:37
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Milesight ≫ Video Management Systems Firmware Version < 40.7.0.79

Milesight ≫ Video Management Systems Version- SwEditionenterprise

Milesight ≫ Video Management Systems Firmware Version40.7.0.79 Update-

Milesight ≫ Video Management Systems Version- SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.01%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vdisclose@cert-in.org.in	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3001

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3001

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3001

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3001