Details of VAR-201908-0048

ID

VAR-201908-0048

CVE

CVE-2019-6000

TITLE

plural EOS Buffer error vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007770

DESCRIPTION

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command. plural EOS The product contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Canon EOS-1D X etc. are the products of Canon Corporation of Japan. Canon EOS-1D X is a digital camera of EOS series. EOS-1D C is a digital camera of EOS series. The PowerShot SX740 HS is a digital camera of the PowerShot series. A buffer error vulnerability exists in PTP in Canon EOS series and PowerShot series products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-6000 // JVNDB: JVNDB-2019-007770 // VULHUB: VHN-157435

AFFECTED PRODUCTS

vendor:	canon	model:	eos 8000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos m2	scope:	lte	version:	1.0.3	Trust: 1.0
vendor:	canon	model:	eos 5d mark iv	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos m6\	scope:	lte	version:	5.0.0	Trust: 1.0
vendor:	canon	model:	eos-1d c	scope:	lte	version:	1.4.1	Trust: 1.0
vendor:	canon	model:	eos 70d	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos kiss x9i	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel t6	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t5 re	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t7	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel sl2	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos hi	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos m6	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos m100	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos r	scope:	lte	version:	1.3.0	Trust: 1.0
vendor:	canon	model:	eos kiss x7i	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 700d	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 5ds r	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos 77d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos m50	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 9000d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 6d	scope:	lte	version:	1.1.8	Trust: 1.0
vendor:	canon	model:	eos 100d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x8i	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t5	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos kiss x80	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos kiss x10	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos rp gold	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	powershot sx70 hs	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos m3	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos 3000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 7d mark ii	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t100	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 5d mark iii	scope:	lte	version:	1.3.5	Trust: 1.0
vendor:	canon	model:	eos rp	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t7i	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 1200d mg	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t6i	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 4000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 800d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos-1d x mkii	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	canon	model:	eos 1500d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos kiss m	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 1200d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	powershot sx740 hs	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x70	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos kiss x9	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x90	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 6d mark ii	scope:	lte	version:	1.0.4	Trust: 1.0
vendor:	canon	model:	eos m10	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	powershot g5xmark ii	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 2000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel sl3	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 250d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x7	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel t6s	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos-1d x	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	canon	model:	eos 80d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 750d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 1300d	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos 200d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 5ds	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t5i	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 760d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos m5	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel sl1	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos-1d c	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-1d x mkii	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-1d x	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5d mark iii	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5d mark iv	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5ds r	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5ds	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-6d	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-70 d	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-7d mark ii	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007770 // NVD: CVE-2019-6000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6000
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6000
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-438
value:	HIGH
Trust: 0.6
VULHUB:	VHN-157435
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6000
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-157435
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6000
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-157435 // JVNDB: JVNDB-2019-007770 // CNNVD: CNNVD-201908-438 // NVD: CVE-2019-6000

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-157435 // JVNDB: JVNDB-2019-007770 // NVD: CVE-2019-6000

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-438

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007770

PATCH

title:	Latest News	url:	https://www.canon-europe.com/support/product-security/	Trust: 0.8
title:	Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions.	url:	https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras	Trust: 0.8
title:	キヤノン製デジタルカメラにおけるPTP（画像転送プロトコル）通信機能およびファームウエアアップデート機能の脆弱性について	url:	https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-007770

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6000	Trust: 2.5
db:	JVN	id:	JVNVU97511331	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007770	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-438	Trust: 0.7
db:	VULHUB	id:	VHN-157435	Trust: 0.1

sources: VULHUB: VHN-157435 // JVNDB: JVNDB-2019-007770 // CNNVD: CNNVD-201908-438 // NVD: CVE-2019-6000

REFERENCES

url:	http://jvn.jp/en/vu/jvnvu97511331/index.html	Trust: 2.5
url:	https://www.canon-europe.com/support/product-security/	Trust: 1.7
url:	https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html	Trust: 1.7
url:	https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/	Trust: 1.7
url:	https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6000	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6000	Trust: 0.8

sources: VULHUB: VHN-157435 // JVNDB: JVNDB-2019-007770 // CNNVD: CNNVD-201908-438 // NVD: CVE-2019-6000

SOURCES

db:	VULHUB	id:	VHN-157435
db:	JVNDB	id:	JVNDB-2019-007770
db:	CNNVD	id:	CNNVD-201908-438
db:	NVD	id:	CVE-2019-6000

LAST UPDATE DATE

2024-11-23T21:37:01.977000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157435	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-007770	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-438	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-6000	date:	2024-11-21T04:45:53.387

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157435	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007770	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-438	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-6000	date:	2019-08-06T19:15:14.443