CVE-2021-27232 - OpenCVE

The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pelco	Digital Sentry Server

Configuration 1 [-]

cpe:2.3:a:pelco:digital_sentry_server:7.18.72.11464:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt
https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-16T14:28:40

Updated: 2024-08-03T20:48:15.879Z

Reserved: 2021-02-16T00:00:00

Link: CVE-2021-27232

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-16T15:15:13.647

Modified: 2021-02-22T21:24:06.530

Link: CVE-2021-27232

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-16T14:28:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27232", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history", "refsource": "MISC", "url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"}, {"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt", "refsource": "MISC", "url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:15.879Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27232", "datePublished": "2021-02-16T14:28:40", "dateReserved": "2021-02-16T00:00:00", "dateUpdated": "2024-08-03T20:48:15.879Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pelco:digital_sentry_server:7.18.72.11464:*:*:*:*:*:*:*", "matchCriteriaId": "84039097-D4AD-40FC-B43A-17CEC8286EE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."}, {"lang": "es", "value": "El control ActiveX RTSPLive555.dll en Pelco Digital Sentry Server versi\u00f3n 7.18.72.11464, presenta un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n SetCameraConnectionParameter. Esto puede ser explotado por un atacante remoto para ejecutar potencialmente c\u00f3digo arbitrario suministrado por el atacante. La v\u00edctima tendr\u00eda que visitar una p\u00e1gina web maliciosa usando Internet Explorer donde se podr\u00eda desencadenar el exploit"}], "id": "CVE-2021-27232", "lastModified": "2021-02-22T21:24:06.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-16T15:15:13.647", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}