CVE-2022-4621 - OpenCVE

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Panasonic	Vcc-hd2100p Vcc-hd2100p Firmware Vcc-hd3100p Vcc-hd3100p Firmware Vcc-hd3300 Vcc-hd3300 Firmware Vcc-hd3300p Vcc-hd3300p Firmware Vcc-hd5600p Vcc-hd5600p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:::::::*
	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:::::::*

cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://archives.connect.panasonic.com/security/sanyo/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-17T16:36:58.518Z

Updated: 2024-08-03T01:48:39.080Z

Reserved: 2022-12-20T20:32:16.035Z

Link: CVE-2022-4621

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-17T17:15:11.730

Modified: 2023-11-07T03:58:22.430

Link: CVE-2022-4621

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4621", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-12-20T20:32:16.035Z", "datePublished": "2023-01-17T16:36:58.518Z", "dateUpdated": "2024-08-03T01:48:39.080Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sanyo CCTV Network Camera", "vendor": "Panasonic", "versions": [{"status": "affected", "version": "VCC-HD5600P version 2.03-06 "}, {"status": "affected", "version": "VDC-HD3300P version 2.03-08 "}, {"status": "affected", "version": "VDC-HD3300P version 1.02-05 "}, {"status": "affected", "version": "VCC-HD3300 version 2.03-02 "}, {"status": "affected", "version": "VDC-HD3100P version 2.03-00 "}, {"status": "affected", "version": "VCC-HD2100P version 2.03-02 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gjoko Krstic of Zero Science Lab"}], "datePublic": "2023-01-12T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nPanasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n<p></p>"}], "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-17T16:36:58.518Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Panasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://archives.connect.panasonic.com/security/sanyo/index.html\">advisory</a><span style=\"background-color: rgb(255, 255, 255);\">. All repair requests and other support requests via email or phone will be available.</span>\n\n<br>"}], "value": "\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory https://archives.connect.panasonic.com/security/sanyo/index.html . All repair requests and other support requests via email or phone will be available.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Panasonic Sanyo CCTV Network Camera", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.080Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04", "tags": ["x_transferred"]}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*", "matchCriteriaId": "6092D5A0-D160-419D-9331-474596BDC352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEEE23B6-A8AF-4DFE-8DA4-7F1D8866204E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:*:*:*:*:*:*:*", "matchCriteriaId": "4FACF605-7033-4B1A-9BEA-EB73FAC16701", "vulnerable": true}, {"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:*:*:*:*:*:*:*", "matchCriteriaId": "5D068E9E-EF01-4054-A3E5-DEB3D2F88483", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47AC573-A35B-4643-A768-6BA516FFC915", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "0C8B7EDD-1958-4502-84EA-40AA4D6A7EFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F45BFB2-D9FE-4E19-A93C-C527B249421A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "175E7140-7D6E-4875-97D1-76F89F0DD0BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB1D22-E611-4C6D-9208-82E5BD18C4E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*", "matchCriteriaId": "348D6672-A6C5-4C69-B1A6-BC4B8DD3D2C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7FEAB1E-2A1F-45F8-B317-CBBE242FFD03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}, {"lang": "es", "value": "Las c\u00e1maras de red Panasonic Sanyo CCTV en las versiones 1.02-05 y 2.03-0x son vulnerables a CSRF que pueden explotarse permitiendo que un atacante realice cambios con privilegios de nivel de administrador."}], "id": "CVE-2022-4621", "lastModified": "2023-11-07T03:58:22.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-01-17T17:15:11.730", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}