Sign-up

ID

VAR-201909-1474


CVE

CVE-2019-10256


TITLE

VIVOTEK IPCam Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009357

DESCRIPTION

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. VIVOTEK IPCam Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Vivotek VIVOTEK IPCam is a network camera produced by Taiwan Vivotek Corporation. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.71

sources: NVD: CVE-2019-10256 // JVNDB: JVNDB-2019-009357 // VULHUB: VHN-141784

AFFECTED PRODUCTS

vendor:vivotekmodel:camerascope:eqversion: -

Trust: 1.0

vendor:vivotekmodel:camerascope:ltversion:0x13a

Trust: 0.8

sources: JVNDB: JVNDB-2019-009357 // NVD: CVE-2019-10256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10256
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10256
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-458
value: CRITICAL

Trust: 0.6

VULHUB: VHN-141784
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10256
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-141784
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10256
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10256
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-141784 // JVNDB: JVNDB-2019-009357 // CNNVD: CNNVD-201909-458 // NVD: CVE-2019-10256

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-141784 // JVNDB: JVNDB-2019-009357 // NVD: CVE-2019-10256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-458

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-458

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009357

PATCH
title:Cybersecurity Management Solutionurl:https://www.vivotek.com/cybersecurity
Trust: 0.8
title:VVTK−SA-2019-001url:http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf
Trust: 0.8
title:VIVOTEK IPCam Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98051
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-009357 // 
            
            
            
            CNNVD: CNNVD-201909-458

EXTERNAL IDS
db:NVDid:CVE-2019-10256
Trust: 2.5
db:JVNDBid:JVNDB-2019-009357
Trust: 0.8
db:CNNVDid:CNNVD-201909-458
Trust: 0.7
db:VULHUBid:VHN-141784
Trust: 0.1
sources:
            
            
            VULHUB: VHN-141784 // 
            
            
            
            JVNDB: JVNDB-2019-009357 // 
            
            
            
            CNNVD: CNNVD-201909-458 // 
            
            
            
            NVD: CVE-2019-10256

REFERENCES
url:http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf
Trust: 1.7
url:https://www.vivotek.com/cybersecurity
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10256
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10256
Trust: 0.8
sources:
            
            
            VULHUB: VHN-141784 // 
            
            
            
            JVNDB: JVNDB-2019-009357 // 
            
            
            
            CNNVD: CNNVD-201909-458 // 
            
            
            
            NVD: CVE-2019-10256

SOURCES
db:VULHUBid:VHN-141784
db:JVNDBid:JVNDB-2019-009357
db:CNNVDid:CNNVD-201909-458
db:NVDid:CVE-2019-10256

LAST UPDATE DATE
2024-11-23T22:44:49.698000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-141784date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-009357date:2019-09-18T00:00:00
db:CNNVDid:CNNVD-201909-458date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10256date:2024-11-21T04:18:45.547

SOURCES RELEASE DATE
db:VULHUBid:VHN-141784date:2019-09-10T00:00:00
db:JVNDBid:JVNDB-2019-009357date:2019-09-18T00:00:00
db:CNNVDid:CNNVD-201909-458date:2019-09-10T00:00:00
db:NVDid:CVE-2019-10256date:2019-09-10T19:15:10.233