CVE-2020-24055

Published: Aug 21, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.

Affected (3)

Products: Verint: 5620ptz Firmware, 4320 Firmware

2 products

5620ptz Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Verint 5620ptz Firmware	Version verint_fw_0_42

Running on/with	Platform Versions
Verint 5620ptz	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Verint 4320 Firmware	Version v4320_fw_0_23
Verint 4320 Firmware	Version v4320_fw_0_31

Running on/with	Platform Versions
Verint 4320	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://ioac.tv/2Nbc40h

Source: cve@mitre.org

ExploitThird Party Advisory

https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/

Source: cve@mitre.org

Third Party Advisory

https://ioac.tv/2Nbc40h

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.