An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low-privileged users can use administrative functions of the C-MOR web interface. Several functions are intended to be available only to administrative users. However, access to those functions is restricted only in the web application user interface and is not checked on the server side. Thus, by sending the corresponding HTTP requests to the web server of the C-MOR web interface, low-privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
History
Fri, 06 Sep 2024 07:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | | |
Vendors & Products | Za-internet; Za-internet c-mor Video Surveillance | |
References | | |
Metrics | ssvc | |
Wed, 04 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Za-internet; Za-internet c-mor Video Surveillance | |
Weaknesses | CWE-284 | |
CPEs | cpe:2.3:a:za-internet:c-mor_video_surveillance:*:*:*:*:*:*:*:* | |
Vendors & Products | Za-internet; Za-internet c-mor Video Surveillance | |
Metrics | cvssV3_1 | |
Wed, 04 Sep 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low-privileged users can use administrative functions of the C-MOR web interface. Several functions are intended to be available only to administrative users. However, access to those functions is restricted only in the web application user interface and is not checked on the server side. Thus, by sending the corresponding HTTP requests to the web server of the C-MOR web interface, low-privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-04T00:00:00
Updated: 2024-09-06T06:03:34.402Z
Reserved: 2024-08-22T00:00:00
Link: CVE-2024-45170
Vulnrichment
Updated: 2024-09-06T06:03:34.402Z
NVD
Status: Awaiting Analysis
Published: 2024-09-04T17:15:14.600
Modified: 2024-09-05T12:53:21.110
Link: CVE-2024-45170
Redhat
No data.