CVE-2024-32753 - OpenCVE

Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: jci

Published: 2024-07-11T15:30:39.367Z

Updated: 2024-08-16T14:50:34.077Z

Reserved: 2024-04-17T17:26:35.180Z

Link: CVE-2024-32753

Vulnrichment

Updated: 2024-08-02T02:20:35.268Z

NVD

Status : Awaiting Analysis

Published: 2024-07-11T16:15:02.350

Modified: 2024-07-11T18:09:58.777

Link: CVE-2024-32753

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32753", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "state": "PUBLISHED", "assignerShortName": "jci", "dateReserved": "2024-04-17T17:26:35.180Z", "datePublished": "2024-07-11T15:30:39.367Z", "dateUpdated": "2024-08-16T14:50:34.077Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TYCO Illustra Pro4 Fixed cameras", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "Illustra.SS016.05.03.01.0007", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TYCO Illustra Pro4 PTZ cameras", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "Illustra.SS010.24.03.00.0005", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TYCO Illustra Flex4 Fixed & PTZ cameras", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "Illustra.SS018.24.03.00.0010", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TYCO Illustra Pro4 MultiSensor Cameras", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "Illustra.SS017.24.03.00.0009", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TYCO Illustra Flex4 DualSensor Cameras", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "Illustra.SS022.24.03.00.0008", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-07-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component</span>"}], "value": "Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component"}], "impacts": [{"capecId": "CAPEC-588", "descriptions": [{"lang": "en", "value": "CAPEC-588: DOM-Based XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1395", "description": "CWE-1395: Dependency on Vulnerable Third-Party Component", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2024-08-16T14:50:34.077Z"}, "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li><p>Update firmware of <strong>Pro4 Fixed</strong> cameras to <strong>Illustra.SS016.24.03.00.0007</strong></p></li><li><p>Update firmware of <strong>Pro4 PTZ</strong> cameras to<strong> Illustra.SS010.24.03.00.0005</strong></p></li><li><p>Update firmware of <strong>Flex4 Fixed & PTZ</strong> cameras to <strong>Illustra.SS018.24.03.00.0010</strong></p></li><li><p>Update firmware of <strong>Pro4 MultiSensor </strong>cameras to <strong>Illustra.SS017.24.03.00.0009</strong></p></li><li><p>Update firmware of <strong>Flex4 DualSensor </strong>cameras to <strong>Illustra.SS022.24.03.00.0008</strong></p></li></ul>\n\n<br>"}], "value": "* Update firmware of Pro4 Fixed cameras to Illustra.SS016.24.03.00.0007\n\n\n * Update firmware of Pro4 PTZ cameras to Illustra.SS010.24.03.00.0005\n\n\n * Update firmware of Flex4 Fixed & PTZ cameras to Illustra.SS018.24.03.00.0010\n\n\n * Update firmware of Pro4 MultiSensor cameras to Illustra.SS017.24.03.00.0009\n\n\n * Update firmware of Flex4 DualSensor cameras to Illustra.SS022.24.03.00.0008"}], "source": {"discovery": "UNKNOWN"}, "title": "TYCO Illustra Pro Gen 4 - JQuery version", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "johnsoncontrols", "product": "illustra_flex4_dualsensor_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_dualsensor_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS022.24.03.00.0008", "versionType": "custom"}]}, {"vendor": "johnsoncontrols", "product": "illustra_pro4_multisensor_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro4_multisensor_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS017.24.03.00.0009", "versionType": "custom"}]}, {"vendor": "johnsoncontrols", "product": "illustra_flex4_fixed_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_fixed_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS018.24.03.00.0010", "versionType": "custom"}]}, {"vendor": "johnsoncontrols", "product": "illustra_flex4_ptz_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_ptz_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS018.24.03.00.0010", "versionType": "custom"}]}, {"vendor": "johnsoncontrols", "product": "illustra_pro4_ptz_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro4_ptz_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS010.24.03.00.0005", "versionType": "custom"}]}, {"vendor": "johnsoncontrols", "product": "illustra_pro_gen_4_firmware", "cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro_gen_4_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Illustra.SS016.05.03.01.0007", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T19:41:41.470969Z", "id": "CVE-2024-32753", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:23:41.965Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32753", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T19:41:41.470969Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_dualsensor_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_flex4_dualsensor_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS022.24.03.00.0008"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro4_multisensor_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_pro4_multisensor_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS017.24.03.00.0009"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_fixed_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_flex4_fixed_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS018.24.03.00.0010"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_flex4_ptz_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_flex4_ptz_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS018.24.03.00.0010"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro4_ptz_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_pro4_ptz_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS010.24.03.00.0005"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:johnsoncontrols:illustra_pro_gen_4_firmware:*:*:*:*:*:*:*:*"], "vendor": "johnsoncontrols", "product": "illustra_pro_gen_4_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS016.05.03.01.0007"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:16:41.368Z"}}], "cna": {"title": "TYCO Illustra Pro Gen 4 - JQuery version", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-588", "descriptions": [{"lang": "en", "value": "CAPEC-588: DOM-Based XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Johnson Controls", "product": "TYCO Illustra Pro4 Fixed cameras", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS016.05.03.01.0007"}], "defaultStatus": "unaffected"}, {"vendor": "Johnson Controls", "product": "TYCO Illustra Pro4 PTZ cameras", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS010.24.03.00.0005"}], "defaultStatus": "unaffected"}, {"vendor": "Johnson Controls", "product": "TYCO Illustra Flex4 Fixed & PTZ cameras", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS018.24.03.00.0010"}], "defaultStatus": "unaffected"}, {"vendor": "Johnson Controls", "product": "TYCO Illustra Pro4 MultiSensor Cameras", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS017.24.03.00.0009"}], "defaultStatus": "unaffected"}, {"vendor": "Johnson Controls", "product": "TYCO Illustra Flex4 DualSensor Cameras", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Illustra.SS022.24.03.00.0008"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "* Update firmware of Pro4 Fixed cameras to Illustra.SS016.24.03.00.0007\n\n\n * Update firmware of Pro4 PTZ cameras to Illustra.SS010.24.03.00.0005\n\n\n * Update firmware of Flex4 Fixed & PTZ cameras to Illustra.SS018.24.03.00.0010\n\n\n * Update firmware of Pro4 MultiSensor cameras to Illustra.SS017.24.03.00.0009\n\n\n * Update firmware of Flex4 DualSensor cameras to Illustra.SS022.24.03.00.0008", "supportingMedia": [{"type": "text/html", "value": "<ul><li><p>Update firmware of <strong>Pro4 Fixed</strong> cameras to <strong>Illustra.SS016.24.03.00.0007</strong></p></li><li><p>Update firmware of <strong>Pro4 PTZ</strong> cameras to<strong> Illustra.SS010.24.03.00.0005</strong></p></li><li><p>Update firmware of <strong>Flex4 Fixed & PTZ</strong> cameras to <strong>Illustra.SS018.24.03.00.0010</strong></p></li><li><p>Update firmware of <strong>Pro4 MultiSensor </strong>cameras to <strong>Illustra.SS017.24.03.00.0009</strong></p></li><li><p>Update firmware of <strong>Flex4 DualSensor </strong>cameras to <strong>Illustra.SS022.24.03.00.0008</strong></p></li></ul>\n\n<br>", "base64": false}]}], "datePublic": "2024-07-09T16:00:00.000Z", "references": [{"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1395", "description": "CWE-1395: Dependency on Vulnerable Third-Party Component"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2024-08-16T14:50:34.077Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32753", "state": "PUBLISHED", "dateUpdated": "2024-08-16T14:50:34.077Z", "dateReserved": "2024-04-17T17:26:35.180Z", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "datePublished": "2024-07-11T15:30:39.367Z", "assignerShortName": "jci"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component"}, {"lang": "es", "value": "En determinadas circunstancias, la c\u00e1mara puede ser susceptible a vulnerabilidades conocidas asociadas con las versiones de JQuery anteriores a la 3.5.0, componente de terceros."}], "id": "CVE-2024-32753", "lastModified": "2024-07-11T18:09:58.777", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "LOW"}, "source": "productsecurity@jci.com", "type": "Secondary"}]}, "published": "2024-07-11T16:15:02.350", "references": [{"source": "productsecurity@jci.com", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03"}, {"source": "productsecurity@jci.com", "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Awaiting Analysis"}