Stack Buffer Overflow in Verint PTZ Cameras and Firmware
CVE-2020-24055

9.8CRITICAL

Key Information:

Vendor: Verint
Status: 5620ptz Firmware
Vendor: CVE Published:; 21 August 2020

What is CVE-2020-24055?

The Verint 5620PTZ and 4320 PTZ cameras feature an autodiscovery service within the binary executable '/usr/sbin/DM' that operates on TCP port 6666. This service is susceptible to a stack buffer overflow due to improper handling of incoming data. Notably, the service does not implement any authentication measures, making it particularly vulnerable to exploitation, which could allow unauthorized users to gain control over the affected devices.

References

https://ioactive.com/verint-ptz-cameras-multiple-vulnerab...

x_refsource_MISC

https://ioac.tv/2Nbc40h

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2020
Vulnerability Reserved
Aug 13, 2020

CVE-2020-24055 Data

JSON