Details of VAR-201701-0620

ID

VAR-201701-0620

CVE

CVE-2014-8362

TITLE

Vivint SkyControl Panel Enable alarm system in / Disabled vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-008192

DESCRIPTION

Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. Vivint SkyControl Panel is a control panel interface for centralized management of smart home from Vivint Company in the United States. Vivint SkyControl Panel version 1.1.1.9926 has a security vulnerability. Vivint Sky Control Panel Unauthenticated Access Vulnerability Solutionary ID: SERT-VDN-1017 Risk Rating: High CVE ID: CVE-2014-8362 Product: Vivint Sky Control Panel Application Vendor: Vivint Vendor URL: http://www.vivint.com/en/ Date discovered: 09/25/2014 Discovered by: Jeremy Scott and Solutionary Security Engineering Research Team (SERT) Vendor notification date: 10/17/2014 Vendor response date: No Response Vendor acknowledgment date: No Response Public disclosure date: 09/22/2015 Type of vulnerability: Unauthenticated Administrative Access Exploit Vectors: Local and Remote Vulnerability Description: Vivint Sky Control Panel contains a flaw allowing unauthenticated access through a Web-enabled interface (default port 8090) to the Vivint Sky application. Fixed in: Current version Remediation guidelines: The vendor has implemented authentication to require authentication to the Web interface. Please contact the vendor and request a firmware update to mitigate the vulnerability, if identified

Trust: 1.8

sources: NVD: CVE-2014-8362 // JVNDB: JVNDB-2014-008192 // VULHUB: VHN-76307 // PACKETSTORM: 136040

AFFECTED PRODUCTS

vendor:	vivint	model:	sky control panel	scope:	eq	version:	1.1.1.9926	Trust: 1.6
vendor:	vivint	model:	skycontrol panel	scope:	-	version:	-	Trust: 0.8
vendor:	vivint	model:	skycontrol panel	scope:	eq	version:	1.1.1.9926	Trust: 0.8

sources: JVNDB: JVNDB-2014-008192 // CNNVD: CNNVD-201701-856 // NVD: CVE-2014-8362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8362
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-8362
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201701-856
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76307
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8362
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76307
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-8362
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-76307 // JVNDB: JVNDB-2014-008192 // CNNVD: CNNVD-201701-856 // NVD: CVE-2014-8362

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-76307 // JVNDB: JVNDB-2014-008192 // NVD: CVE-2014-8362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-856

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201701-856

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008192

PATCH

title:	Vivint SkyControl Panel	url:	https://www.vivint.com/products/sky-panel	Trust: 0.8
title:	Vivint SkyControl Panel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67382	Trust: 0.6

sources: JVNDB: JVNDB-2014-008192 // CNNVD: CNNVD-201701-856

EXTERNAL IDS

db:	PACKETSTORM	id:	136040	Trust: 2.6
db:	NVD	id:	CVE-2014-8362	Trust: 2.6
db:	JVNDB	id:	JVNDB-2014-008192	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-856	Trust: 0.7
db:	VULHUB	id:	VHN-76307	Trust: 0.1

sources: VULHUB: VHN-76307 // JVNDB: JVNDB-2014-008192 // PACKETSTORM: 136040 // CNNVD: CNNVD-201701-856 // NVD: CVE-2014-8362

REFERENCES

url:	http://packetstormsecurity.com/files/136040/vivint-sky-control-panel-unauthenticated-access.html	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8362	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8362	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8362	Trust: 0.1
url:	http://www.vivint.com/en/	Trust: 0.1

sources: VULHUB: VHN-76307 // JVNDB: JVNDB-2014-008192 // PACKETSTORM: 136040 // CNNVD: CNNVD-201701-856 // NVD: CVE-2014-8362

CREDITS

Jeremy Scott

Trust: 0.1

sources: PACKETSTORM: 136040

SOURCES

db:	VULHUB	id:	VHN-76307
db:	JVNDB	id:	JVNDB-2014-008192
db:	PACKETSTORM	id:	136040
db:	CNNVD	id:	CNNVD-201701-856
db:	NVD	id:	CVE-2014-8362

LAST UPDATE DATE

2025-04-20T23:29:46.151000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76307	date:	2017-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-008192	date:	2017-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201701-856	date:	2017-02-09T00:00:00
db:	NVD	id:	CVE-2014-8362	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76307	date:	2017-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-008192	date:	2017-02-08T00:00:00
db:	PACKETSTORM	id:	136040	date:	2016-03-02T13:01:11
db:	CNNVD	id:	CNNVD-201701-856	date:	2017-01-23T00:00:00
db:	NVD	id:	CVE-2014-8362	date:	2017-01-23T21:59:00.300