CVE-2019-5997

Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://jvn.jp/en/jp/JVN96646182/index.html	Third Party Advisory
http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf

Configurations

Configuration 1 (hide)

cpe:2.3:a:panasonic:video_insight_vms:*:*:*:*:*:*:*:*

History

13 Jul 2023, 03:15

Type	Values Removed	Values Added
Summary	~~Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors.~~	Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
References	{'url': 'http://downloadvi.com/downloads/IPServer/v7.6/760272/v760272RN.pdf', 'name': 'http://downloadvi.com/downloads/IPServer/v7.6/760272/v760272RN.pdf', 'tags': ['Release Notes', 'Vendor Advisory'], 'refsource': 'MISC'}	(MISC) http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf -

Information

Published : 2020-05-20 11:15

Updated : 2023-07-13 03:15

NVD link : CVE-2019-5997

Mitre link : CVE-2019-5997

JSON object : View

Products Affected

panasonic

video_insight_vms

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.8 /10