Versio.io

CVE-2021-27392

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 22-04-2021 11:15
Last modified: - 25-04-2022 07:05
Total changes: - 3

Description

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2018 AND update=r2
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2018 AND update=r3
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2019 AND update=r1
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2019 AND update=r2
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2019 AND update=r3
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2020 AND update=r1
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2020 AND update=r2
vendor=siemens AND product=siveillance_video_open_network_bridge AND version=2020 AND update=r3
 

Reference

 


Keywords

NVD

 

CVE-2021-27392

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.