CVE-2024-45170
C-MOR Video Surveillance 5.2401 Improper Access Control
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low-privileged users can use administrative functions of the C-MOR web interface. Various functions are intended to be available only to administrative users. However, access to those functions is restricted only in the web application user interface and is not checked on the server side. Thus, by sending the corresponding HTTP requests to the web server of the C-MOR web interface, low-privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
C-MOR Video Surveillance version 5.2401 suffers from an improper access control privilege escalation vulnerability that allows for a lower privileged user to access administrative functions.
SSVC
- Decision: Attend
Timeline
- 2024-08-22 CVE Reserved
- 2024-09-04 CVE Published
- 2024-09-05 EPSS Updated
- 2024-09-06 CVE Updated
- 2024-09-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
References (3)
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/181379 | 2024-09-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Za-internet | C-mor Video Surveillance | * | - | Affected |