CVE-2024-45179 (GCVE-0-2024-45179)
Vulnerability from cvelistv5 – Published: 2024-10-09 00:00 – Updated: 2024-10-09 14:07
VLAI?
Summary
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-09T04:03:35.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/23"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:za-internet:c-mor_video_surveillance:5.2401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c-mor_video_surveillance",
"vendor": "za-internet",
"versions": [
{
"status": "affected",
"version": "5.2401"
}
]
},
{
"cpes": [
"cpe:2.3:a:za-internet:c-mor_video_surveillance:6.00pl01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c-mor_video_surveillance",
"vendor": "za-internet",
"versions": [
{
"status": "affected",
"version": "6.00pl01"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45179",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:44:22.509364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:07:50.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T03:49:34.491736",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45179",
"datePublished": "2024-10-09T00:00:00",
"dateReserved": "2024-08-22T00:00:00",
"dateUpdated": "2024-10-09T14:07:50.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en za-internet C-MOR Video Surveillance 5.2401 y 6.00PL01. Debido a una validaci\\u00f3n de entrada insuficiente, la interfaz web de C-MOR es vulnerable a ataques de inyecci\\u00f3n de comandos del SO. Se descubri\\u00f3 que diferentes funciones son vulnerables a ataques de inyecci\\u00f3n de comandos del SO, por ejemplo, para generar nuevos certificados X.509 o configurar la zona horaria. Estas vulnerabilidades de inyecci\\u00f3n de comandos del SO en el script generatesslreq.pml se pueden explotar como un usuario autenticado con privilegios bajos para ejecutar comandos en el contexto del usuario Linux www-data a trav\\u00e9s de metacaracteres de shell en datos HTTP POST (por ejemplo, el par\\u00e1metro city). La vulnerabilidad de inyecci\\u00f3n de comandos del SO en el script settimezone.pml o setdatetime.pml (por ejemplo, a trav\\u00e9s del par\\u00e1metro year) requiere un usuario administrativo para la interfaz web de C-MOR. Al explotar tambi\\u00e9n una vulnerabilidad de escalada de privilegios, es posible ejecutar comandos en el sistema C-MOR con privilegios de root.\"}]",
"id": "CVE-2024-45179",
"lastModified": "2024-11-21T09:37:25.703",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2024-10-09T04:15:09.487",
"references": "[{\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Sep/23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1289\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45179\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-10-09T04:15:09.487\",\"lastModified\":\"2025-09-04T16:34:49.070\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en za-internet C-MOR Video Surveillance 5.2401 y 6.00PL01. Debido a una validaci\u00f3n de entrada insuficiente, la interfaz web de C-MOR es vulnerable a ataques de inyecci\u00f3n de comandos del SO. Se descubri\u00f3 que diferentes funciones son vulnerables a ataques de inyecci\u00f3n de comandos del SO, por ejemplo, para generar nuevos certificados X.509 o configurar la zona horaria. Estas vulnerabilidades de inyecci\u00f3n de comandos del SO en el script generatesslreq.pml se pueden explotar como un usuario autenticado con privilegios bajos para ejecutar comandos en el contexto del usuario Linux www-data a trav\u00e9s de metacaracteres de shell en datos HTTP POST (por ejemplo, el par\u00e1metro city). La vulnerabilidad de inyecci\u00f3n de comandos del SO en el script settimezone.pml o setdatetime.pml (por ejemplo, a trav\u00e9s del par\u00e1metro year) requiere un usuario administrativo para la interfaz web de C-MOR. Al explotar tambi\u00e9n una vulnerabilidad de escalada de privilegios, es posible ejecutar comandos en el sistema C-MOR con privilegios de root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:c-mor:c-mor_video_surveillance:5.2401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8467E7B9-C540-49FD-A52B-A0BC41398EE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:c-mor:c-mor_video_surveillance:6.00:patch_level_01:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6CF9182-CFDB-411A-AFFD-2D766347035A\"}]}]}],\"references\":[{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Sep/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2024/Sep/23\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-09T04:03:35.949Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T13:44:22.509364Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:za-internet:c-mor_video_surveillance:5.2401:*:*:*:*:*:*:*\"], \"vendor\": \"za-internet\", \"product\": \"c-mor_video_surveillance\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.2401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:za-internet:c-mor_video_surveillance:6.00pl01:*:*:*:*:*:*:*\"], \"vendor\": \"za-internet\", \"product\": \"c-mor_video_surveillance\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.00pl01\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289 Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T14:00:06.968Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-10-09T03:49:34.491736\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45179\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T14:07:50.564Z\", \"dateReserved\": \"2024-08-22T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-10-09T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…