CVE-2017-5368

ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).

ZoneMinder v1.30 y v1.29, una aplicación web de servidor de CCTV de código abierto, es vulnerable a CSRF (Cross Site Request Forgery), lo que permite a un ataque remoto realizar cambios en la aplicación web como la víctima registrada actual. Si la víctima visita una página web maliciosa, el atacante puede crear de forma silenciosa y automática un nuevo usuario admin dentro de la aplicación web para la persistencia remota y otros ataques. La URL es /zm/index.php y los parámetros de ejemplo podrían incluir action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (entre otros).

Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-01-13 CVE Reserved
2017-02-06 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/96126	Vdb Entry

URL	Date	SRC
http://seclists.org/bugtraq/2017/Feb/6	2024-08-05
http://seclists.org/fulldisclosure/2017/Feb/11	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zoneminder Search vendor "Zoneminder"		Zoneminder Search vendor "Zoneminder" for product "Zoneminder"				1.29.0 Search vendor "Zoneminder" for product "Zoneminder" and version "1.29.0"		-		Affected
Zoneminder Search vendor "Zoneminder"		Zoneminder Search vendor "Zoneminder" for product "Zoneminder"				1.30.0 Search vendor "Zoneminder" for product "Zoneminder" and version "1.30.0"		-		Affected