nvd-json-data-feeds/CVE-2024/CVE-2024-451xx/CVE-2024-45171.json

{
  "id": "CVE-2024-45171",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-09-05T16:15:08.477",
  "lastModified": "2024-09-05T18:35:10.600",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory \"/srv/www/backups\" on the C-MOR system, and can thus be accessed via the URL https://<HOST>/backup/upload_<FILENAME>. Due to broken access control, low-privileged authenticated users can also use this file upload functionality."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en za-internet C-MOR Video Surveillance 5.2401. Debido a una validaci\u00f3n incorrecta de la entrada de usuario, es posible cargar archivos peligrosos, por ejemplo, c\u00f3digo PHP, al sistema C-MOR. Al analizar la interfaz web de C-MOR, se descubri\u00f3 que la funci\u00f3n de carga de archivos de respaldo permite que un usuario autenticado cargue archivos arbitrarios. La \u00fanica condici\u00f3n es que el nombre del archivo contenga una cadena .cbkf. Por lo tanto, webshell.cbkf.php se considera un nombre de archivo v\u00e1lido para la aplicaci\u00f3n web C-MOR. Los archivos cargados se almacenan dentro del directorio \"/srv/www/backups\" en el sistema C-MOR y, por lo tanto, se puede acceder a ellos a trav\u00e9s de la URL https:///backup/upload_. Debido a un control de acceso defectuoso, los usuarios autenticados con pocos privilegios tambi\u00e9n pueden utilizar esta funci\u00f3n de carga de archivos."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-026.txt",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030",
      "source": "cve@mitre.org"
    }
  ]
}