CVE-2020-11623

{"id": "CVE-2020-11623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2020-07-23T20:15:11.567", "references": [{"url": "https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable."}, {"lang": "es", "value": "Se detect\u00f3 un problema en AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 y Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Un atacante con acceso f\u00edsico a la interfaz UART podr\u00eda acceder a funciones adicionales de diagn\u00f3stico y configuraci\u00f3n, as\u00ed como al cargador de arranque de la c\u00e1mara. Una explotaci\u00f3n con \u00e9xito podr\u00eda comprometer la confidencialidad, integridad y disponibilidad del sistema afectado. Incluso podr\u00eda dejar el dispositivo inoperable"}], "lastModified": "2020-07-28T19:01:37.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:avertx:hd838_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B511526-D9AF-41D3-8C58-ED591FB6D28A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:avertx:hd838:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02958C46-401D-478F-A217-BCA0B0E4899F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:avertx:hd438_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79C42137-9911-47AC-B051-5FAC413711AD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:avertx:hd438:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF06CB88-3801-4319-93D3-285C4CBC6F8F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}