CVE-2021-27232

{"id": "CVE-2021-27232", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-02-16T15:15:13.647", "references": [{"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."}, {"lang": "es", "value": "El control ActiveX RTSPLive555.dll en Pelco Digital Sentry Server versi\u00f3n 7.18.72.11464, presenta un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n SetCameraConnectionParameter. Esto puede ser explotado por un atacante remoto para ejecutar potencialmente c\u00f3digo arbitrario suministrado por el atacante. La v\u00edctima tendr\u00eda que visitar una p\u00e1gina web maliciosa usando Internet Explorer donde se podr\u00eda desencadenar el exploit"}], "lastModified": "2024-11-21T05:57:38.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pelco:digital_sentry_server:7.18.72.11464:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84039097-D4AD-40FC-B43A-17CEC8286EE2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}