Details of VAR-201408-0478

ID

VAR-201408-0478

TITLE

Hikvision video network monitoring system ivms-8100 remote command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-09085

DESCRIPTION

Hikvision video network monitoring system iVMS-8100 is a set of video network monitoring platform software used in the financial industry. The Hikvision video network monitoring system ivms-8100 has a struts2 remote command execution vulnerability, allowing an attacker to use the vulnerability to obtain system administrator system permissions, send remote instructions to the server system, and check, add, and Delete, modify, etc.

Trust: 0.6

sources: CNVD: CNVD-2014-09085

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-09085

AFFECTED PRODUCTS

vendor:

hikvision digital

model:

ivms-8100

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2014-09085

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-09085
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-09085
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-09085

EXTERNAL IDS

db:

CNVD

id:

CNVD-2014-09085

Trust: 0.6

sources: CNVD: CNVD-2014-09085

SOURCES

db:

CNVD

id:

CNVD-2014-09085

LAST UPDATE DATE

2022-05-04T09:18:13.880000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2014-09085

date:

2014-12-25T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2014-09085

date:

2014-08-04T00:00:00