CVE-2013-1595 - OpenCVE

A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vivotek	Pt7135 Pt7135 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:vivotek:pt7135_firmware:0300a:::::::*
	cpe:2.3:o:vivotek:pt7135_firmware:0400a:::::::*

cpe:2.3:h:vivotek:pt7135:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/59573
https://exchange.xforce.ibmcloud.com/vulnerabilities/83944
https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt
https://packetstormsecurity.com/files/cve/CVE-2013-1595
https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-24T17:10:08

Updated: 2024-08-06T15:04:49.545Z

Reserved: 2013-02-04T00:00:00

Link: CVE-2013-1595

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-24T18:15:11.913

Modified: 2020-01-27T18:29:05.047

Link: CVE-2013-1595

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T17:39:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/59573"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944"}, {"tags": ["x_refsource_MISC"], "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/bid/59573", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/59573"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944"}, {"name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"}, {"name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", "refsource": "MISC", "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"}, {"name": "https://packetstormsecurity.com/files/cve/CVE-2013-1595", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:04:49.545Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/59573"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1595", "datePublished": "2020-01-24T17:10:08", "dateReserved": "2013-02-04T00:00:00", "dateUpdated": "2024-08-06T15:04:49.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vivotek:pt7135_firmware:0300a:*:*:*:*:*:*:*", "matchCriteriaId": "C502822B-8D6A-4415-9BDF-87D871EA56A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vivotek:pt7135_firmware:0400a:*:*:*:*:*:*:*", "matchCriteriaId": "45BA97A0-8179-415B-9DBA-0C9A83D78076", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vivotek:pt7135:-:*:*:*:*:*:*:*", "matchCriteriaId": "C775AFA9-DBFF-497B-B459-0F3D180DA195", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en Vivotek PT7135 IP Camera versiones 0300a y 0400a, por medio de un paquete especialmente dise\u00f1ado en el campo de encabezado Authorization enviado al servicio RTSP, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar un c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio."}], "id": "CVE-2013-1595", "lastModified": "2020-01-27T18:29:05.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-24T18:15:11.913", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/59573"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}