VAR-201502-0072
Vulnerability from variot - Updated: 2023-12-18 12:21time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. This vulnerability CVE-2015-0929 and CVE-2015-0930 Is a different vulnerability.By a third party HTTP Response cookie By using reception, you may be able to obtain the authority. SerVision HVG Video Gateway is an intelligent video gateway product from SerVision, Israel
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hvg video gateway",
"scope": "lte",
"trust": 1.8,
"vendor": "servision",
"version": "2.2.26a100"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "servision",
"version": null
},
{
"model": "hvg 400",
"scope": null,
"trust": 0.8,
"vendor": "servision",
"version": null
},
{
"model": "hvg video gateway 2.2.26a100",
"scope": null,
"trust": 0.6,
"vendor": "servision",
"version": null
},
{
"model": "hvg video gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "servision",
"version": "2.2.26a100"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#522460"
},
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:servision:hvg_video_gateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.26a100",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:servision:hvg400:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1469"
}
]
},
"cve": "CVE-2015-1469",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-1469",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01014",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-79430",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1469",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01014",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-069",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79430",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. This vulnerability CVE-2015-0929 and CVE-2015-0930 Is a different vulnerability.By a third party HTTP Response cookie By using reception, you may be able to obtain the authority. SerVision HVG Video Gateway is an intelligent video gateway product from SerVision, Israel",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CERT/CC",
"id": "VU#522460"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#522460",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2015-1469",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01014",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-79430",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#522460"
},
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"id": "VAR-201502-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
}
],
"trust": 1.31538464
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01014"
}
]
},
"last_update_date": "2023-12-18T12:21:04.266000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads - Get the latest software from SerVision",
"trust": 0.8,
"url": "http://www.servision.net/downloads/"
},
{
"title": "SerVision HVG Video Gateway devices with firmware privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79430"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.kb.cert.org/vuls/id/522460"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/259.html"
},
{
"trust": 0.8,
"url": "http://www.servision.net/downloads/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1469"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1469"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#522460"
},
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#522460"
},
{
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"db": "VULHUB",
"id": "VHN-79430"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#522460"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"date": "2015-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-79430"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"date": "2015-02-03T22:59:05.067000",
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#522460"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01014"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79430"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001445"
},
{
"date": "2015-02-04T17:53:27.097000",
"db": "NVD",
"id": "CVE-2015-1469"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SerVision HVG Video Gateway web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#522460"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-069"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…