Sign-up

ID

VAR-201905-1152


CVE

CVE-2019-11560


TITLE

hisilicon HI3516 Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004442

DESCRIPTION

A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and software, as demonstrated by TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2; FDT FD7902 11.3.14.1.3 and 10.3.14.1.3; FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815; and Dericam cameras V11.3.8.1.12. hisilicon HI3516 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hisilicon HI3516 is a SOC chip developed by China Hisilicon Company for high-definition IP cameras. Hisilicon streaming server is one of the streaming media servers. The hisilicon streaming server in Hisilicon HI3516 has a buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-11560 // JVNDB: JVNDB-2019-004442 // VULHUB: VHN-143219 // VULMON: CVE-2019-11560

AFFECTED PRODUCTS

vendor:hisiliconmodel:hi3516scope:eqversion: -

Trust: 1.0

vendor:hisiliconmodel:hi3516scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004442 // NVD: CVE-2019-11560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11560
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-11560
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-175
value: CRITICAL

Trust: 0.6

VULHUB: VHN-143219
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11560
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11560
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-143219
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11560
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143219 // VULMON: CVE-2019-11560 // JVNDB: JVNDB-2019-004442 // CNNVD: CNNVD-201905-175 // NVD: CVE-2019-11560

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-143219 // JVNDB: JVNDB-2019-004442 // NVD: CVE-2019-11560

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-175

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004442

PATCH
title:Top Pageurl:http://www.hisilicon.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-004442

EXTERNAL IDS
db:NVDid:CVE-2019-11560
Trust: 2.6
db:JVNDBid:JVNDB-2019-004442
Trust: 0.8
db:CNNVDid:CNNVD-201905-175
Trust: 0.7
db:VULHUBid:VHN-143219
Trust: 0.1
db:VULMONid:CVE-2019-11560
Trust: 0.1
sources:
            
            
            VULHUB: VHN-143219 // 
            
            
            
            VULMON: CVE-2019-11560 // 
            
            
            
            JVNDB: JVNDB-2019-004442 // 
            
            
            
            CNNVD: CNNVD-201905-175 // 
            
            
            
            NVD: CVE-2019-11560

REFERENCES
url:https://gist.github.com/vulnfan1337/e95c2dba75ad93a1a325c6ace950eba9
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-11560
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11560
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-143219 // 
            
            
            
            VULMON: CVE-2019-11560 // 
            
            
            
            JVNDB: JVNDB-2019-004442 // 
            
            
            
            CNNVD: CNNVD-201905-175 // 
            
            
            
            NVD: CVE-2019-11560

SOURCES
db:VULHUBid:VHN-143219
db:VULMONid:CVE-2019-11560
db:JVNDBid:JVNDB-2019-004442
db:CNNVDid:CNNVD-201905-175
db:NVDid:CVE-2019-11560

LAST UPDATE DATE
2024-11-23T23:08:24.426000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-143219date:2019-05-08T00:00:00
db:VULMONid:CVE-2019-11560date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-004442date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-175date:2019-05-14T00:00:00
db:NVDid:CVE-2019-11560date:2024-11-21T04:21:21.033

SOURCES RELEASE DATE
db:VULHUBid:VHN-143219date:2019-05-07T00:00:00
db:VULMONid:CVE-2019-11560date:2019-05-07T00:00:00
db:JVNDBid:JVNDB-2019-004442date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-175date:2019-05-07T00:00:00
db:NVDid:CVE-2019-11560date:2019-05-07T16:29:00.247