Details of VAR-201607-0721

ID

VAR-201607-0721

TITLE

Multiple Vicon Network Cameras Product Authentication Bypass Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-05942

DESCRIPTION

Vicon V920D and SN663V are all V9XX and SN6XX series network camera products from American Vicon Industries. Multiple Vicon Network Cameras products have an authentication bypass vulnerability. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. The following products are affected: V-CELL-IP, V660V-P (Europe), V920D, V921D and other products. This may lead to further attacks

Trust: 1.35

sources: CNVD: CNVD-2016-05942 // CNNVD: CNNVD-201607-1050 // BID: 92194

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-05942

AFFECTED PRODUCTS

vendor:	vicon	model:	industries network cameras	scope:	-	version:	-	Trust: 0.6
vendor:	vicon	model:	industries vn-901t encoder t1 v3.0.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v923d t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v923b t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v922d t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v922b t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v921d t4 v2.1.6	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v921b t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v920d t4 v2.1.6	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v905-cube t5 v2.4.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v660v-p t2 v2.7.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v-cell-ip t2 v2.7.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v-cell-hd t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn680d-wnir x1 1.4.9	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn680d-a-wnir x2 1.2.1	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn663v-a x2 1.2.1	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn663v x1 1.4.9	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce202d-wn t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce202d-n t6 v1.9.4	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce102d-nir t8 v1.4.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce102b-nir t8 v1.4.3	scope:	-	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v923d t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v923b t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v922d t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v922b t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v921d t4 v2.2.4	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v921b t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v920d t4 v2.2.4	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v905-cube t5 v2.4.8	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v660v-p t2 v2.7.8	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v-cell-ip t2 v2.7.8	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries v-cell-hd t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn680d-wnir x1 1.5.2	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn680d-a-wnir x2 1.2.3	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn663v-a x2 1.2.3	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries sn663v x1 1.5.2	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce202d-wn t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce202d-n t6 v1.9.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce102d-nir t8 v1.4.9	scope:	ne	version:	-	Trust: 0.3
vendor:	vicon	model:	industries ce102b-nir t8 v1.4.9	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2016-05942 // BID: 92194

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-05942
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-05942
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-05942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-1050

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201607-1050

PATCH

title:

Patches for multiple ViconNetworkCameras product authentication bypass vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/80048

Trust: 0.6

sources: CNVD: CNVD-2016-05942

EXTERNAL IDS

db:	BID	id:	92194	Trust: 1.5
db:	CNVD	id:	CNVD-2016-05942	Trust: 0.6
db:	CNNVD	id:	CNNVD-201607-1050	Trust: 0.6

sources: CNVD: CNVD-2016-05942 // BID: 92194 // CNNVD: CNNVD-201607-1050

REFERENCES

url:	http://www.securityfocus.com/bid/92194	Trust: 1.2
url:	http://www.vicon-security.com/software/vicon_camera/v9xxcameras_3-15_firmware-updated_release_notes.pdf	Trust: 0.3
url:	http://www.vicon-security.com/	Trust: 0.3
url:	http://seclists.org/bugtraq/2016/jul/149	Trust: 0.3

sources: CNVD: CNVD-2016-05942 // BID: 92194 // CNNVD: CNNVD-201607-1050

CREDITS

Reginald Dodd

Trust: 0.9

sources: BID: 92194 // CNNVD: CNNVD-201607-1050

SOURCES

db:	CNVD	id:	CNVD-2016-05942
db:	BID	id:	92194
db:	CNNVD	id:	CNNVD-201607-1050

LAST UPDATE DATE

2022-05-17T01:36:36.880000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05942	date:	2016-08-03T00:00:00
db:	BID	id:	92194	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-1050	date:	2016-08-01T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05942	date:	2016-08-03T00:00:00
db:	BID	id:	92194	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-1050	date:	2016-07-28T00:00:00