CVE-2019-18342 Information
Share on:
Feb 14, 2021
cve
Description
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions) SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341 an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files or access other resources on the same server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8