Race Condition Vulnerability in ZoneMinder by ZoneMinder
CVE-2019-7347

7.5HIGH

Key Information:

Vendor: Zoneminder
Status: Zoneminder
Vendor: CVE Published:; 4 February 2019

What is CVE-2019-7347?

A Time-of-check Time-of-use (TOCTOU) race condition exists in ZoneMinder, where an authenticated user's session remains active even after their account has been deleted from the users table. This flaw permits an attacker to exploit the continued session state, allowing access to features and functionalities such as adding and removing monitors and users. As a result, this can lead to unauthorized data manipulation within the system.

References

https://github.com/ZoneMinder/zoneminder/issues/2476

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 4, 2019

Zoneminder

What is CVE-2019-7347?

References

CVSS V3.1

Timeline