Details of VAR-201908-0414

ID

VAR-201908-0414

CVE

CVE-2019-5995

TITLE

plural EOS Authorization vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-007767

DESCRIPTION

Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector. plural EOS The product contains an authorization vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2019-5995 // JVNDB: JVNDB-2019-007767 // VULHUB: VHN-157430

AFFECTED PRODUCTS

vendor:	canon	model:	eos 8000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos m2	scope:	lte	version:	1.0.3	Trust: 1.0
vendor:	canon	model:	eos 5d mark iv	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos m6\	scope:	lte	version:	5.0.0	Trust: 1.0
vendor:	canon	model:	eos-1d c	scope:	lte	version:	1.4.1	Trust: 1.0
vendor:	canon	model:	eos 70d	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos kiss x9i	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel t6	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t5 re	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t7	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel sl2	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos hi	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos m6	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos m100	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos r	scope:	lte	version:	1.3.0	Trust: 1.0
vendor:	canon	model:	eos kiss x7i	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 700d	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 5ds r	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos 77d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos m50	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 9000d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 6d	scope:	lte	version:	1.1.8	Trust: 1.0
vendor:	canon	model:	eos 100d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x8i	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t5	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos kiss x80	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos kiss x10	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos rp gold	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	powershot sx70 hs	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos m3	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos 3000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 7d mark ii	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t100	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 5d mark iii	scope:	lte	version:	1.3.5	Trust: 1.0
vendor:	canon	model:	eos rp	scope:	lte	version:	1.2.0	Trust: 1.0
vendor:	canon	model:	eos d rebel t7i	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 1200d mg	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t6i	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 4000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 800d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos-1d x mkii	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	canon	model:	eos 1500d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos kiss m	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 1200d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	powershot sx740 hs	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x70	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos kiss x9	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x90	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 6d mark ii	scope:	lte	version:	1.0.4	Trust: 1.0
vendor:	canon	model:	eos m10	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	powershot g5xmark ii	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 2000d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos d rebel sl3	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 250d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos kiss x7	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel t6s	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos-1d x	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	canon	model:	eos 80d	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	canon	model:	eos 750d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos 1300d	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	canon	model:	eos 200d	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos 5ds	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	canon	model:	eos d rebel t5i	scope:	lte	version:	1.1.5	Trust: 1.0
vendor:	canon	model:	eos 760d	scope:	lte	version:	1.0.0	Trust: 1.0
vendor:	canon	model:	eos m5	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos d rebel sl1	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	canon	model:	eos-1d c	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-1d x mkii	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-1d x	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5d mark iii	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5d mark iv	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5ds r	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-5ds	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-6d	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-70 d	scope:	-	version:	-	Trust: 0.8
vendor:	canon	model:	eos-7d mark ii	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007767 // NVD: CVE-2019-5995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5995
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5995
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-431
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157430
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5995
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-157430
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5995
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-157430 // JVNDB: JVNDB-2019-007767 // CNNVD: CNNVD-201908-431 // NVD: CVE-2019-5995

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-157430 // JVNDB: JVNDB-2019-007767 // NVD: CVE-2019-5995

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-431

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007767

PATCH

title:	Latest News	url:	https://www.canon-europe.com/support/product-security/	Trust: 0.8
title:	Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions.	url:	https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras	Trust: 0.8
title:	キヤノン製デジタルカメラにおけるPTP（画像転送プロトコル）通信機能およびファームウエアアップデート機能の脆弱性について	url:	https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-007767

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5995	Trust: 2.5
db:	JVN	id:	JVNVU97511331	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007767	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-431	Trust: 0.6
db:	VULHUB	id:	VHN-157430	Trust: 0.1

sources: VULHUB: VHN-157430 // JVNDB: JVNDB-2019-007767 // CNNVD: CNNVD-201908-431 // NVD: CVE-2019-5995

REFERENCES

url:	http://jvn.jp/en/vu/jvnvu97511331/index.html	Trust: 2.5
url:	https://www.canon-europe.com/support/product-security/	Trust: 1.7
url:	https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html	Trust: 1.7
url:	https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/	Trust: 1.7
url:	https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5995	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5995	Trust: 0.8

sources: VULHUB: VHN-157430 // JVNDB: JVNDB-2019-007767 // CNNVD: CNNVD-201908-431 // NVD: CVE-2019-5995

SOURCES

db:	VULHUB	id:	VHN-157430
db:	JVNDB	id:	JVNDB-2019-007767
db:	CNNVD	id:	CNNVD-201908-431
db:	NVD	id:	CVE-2019-5995

LAST UPDATE DATE

2024-11-23T21:36:58.516000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157430	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-007767	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-431	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2019-5995	date:	2024-11-21T04:45:52.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157430	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007767	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-431	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-5995	date:	2019-08-06T19:15:14.193