8.1

CVE-2024-45170

Exploit

EPSS 0.43%
Veröffentlicht 04.09.2024 17:15:14
Zuletzt bearbeitet 04.09.2025 16:30:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

C-mor ≫ C-mor Video Surveillance Version5.2401

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www-syss-de.translate.goog/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

Vendor Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-024.txt

Vendor Advisory

Exploit

http://seclists.org/fulldisclosure/2024/Sep/12

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-45170

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45170

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45170

EUVD