ByteOS Network

Vulnerability Details :

CVE-2021-36199

Summary

Assigner-jci

Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01

Published At-14 Jan, 2022 | 19:10

Updated At-16 Sep, 2024 | 18:44

VideoEdge

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:jci

Assigner Org ID:7281d04a-a537-43df-bfb4-fa4110af9d01

Published At:14 Jan, 2022 | 19:10

Updated At:16 Sep, 2024 | 18:44

▼CVE Numbering Authority (CNA)

VideoEdge

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

Affected Products

Vendor

Johnson Controls

Product

VideoEdge

Versions

Affected

5.4.1 to 5.7.1

Problem Types

Type	CWE ID	Description
CWE	CWE-228	CWE-228: Improper Handling of Syntactically Invalid Structure

Type: CWE

CWE ID: CWE-228

Description: CWE-228: Improper Handling of Syntactically Invalid Structure

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Solutions

Update VideoEdge with hot fix for versions 5.4.1 to 5.7.1 or upgrade VideoEdge to version 5.9.

References

Hyperlink	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	x_refsource_CONFIRM
https://us-cert.gov/ics/advisories/ICSA-22-011-01	third-party-advisory x_refsource_CERT

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Resource:

x_refsource_CONFIRM

Hyperlink: https://us-cert.gov/ics/advisories/ICSA-22-011-01

Resource:

third-party-advisory

x_refsource_CERT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	x_refsource_CONFIRM x_transferred
https://us-cert.gov/ics/advisories/ICSA-22-011-01	third-party-advisory x_refsource_CERT x_transferred

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://us-cert.gov/ics/advisories/ICSA-22-011-01

Resource:

third-party-advisory

x_refsource_CERT

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:productsecurity@jci.com

Published At:14 Jan, 2022 | 20:15

Updated At:21 Jan, 2022 | 19:09

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

johnsoncontrols>>videoedge>>Versions from 5.4.1(inclusive) to 5.7.1(inclusive)

cpe:2.3:o:johnsoncontrols:videoedge:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-228	Secondary	productsecurity@jci.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-228

Type: Secondary

Source: productsecurity@jci.com

References

Hyperlink	Source	Resource
https://us-cert.gov/ics/advisories/ICSA-22-011-01	productsecurity@jci.com	Third Party Advisory US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	productsecurity@jci.com	Vendor Advisory

Hyperlink: https://us-cert.gov/ics/advisories/ICSA-22-011-01

Source: productsecurity@jci.com

Resource:

Third Party Advisory

US Government Resource

Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: productsecurity@jci.com

Resource:

Vendor Advisory

Similar CVEs

4Records found

CVE-2021-27665

Matching Score-8

Assigner-Johnson Controls

View Details

Matching Score-8

Assigner-Johnson Controls

CVSS Score-7.5||HIGH

EPSS-0.26% / 49.12%

7 Day CHG~0.00%

Published-11 Oct, 2021 | 15:26

Updated-17 Sep, 2024 | 02:53

exacqVision Server 32-bit

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.

Vendor-johnsoncontrols Johnson Controls

Product-exacqvision_server exacqVision Web Service

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2021-27656

Matching Score-8

Assigner-Johnson Controls

View Details

Matching Score-8

Assigner-Johnson Controls

CVSS Score-5.3||MEDIUM

EPSS-0.25% / 47.89%

7 Day CHG~0.00%

Published-18 Mar, 2021 | 17:58

Updated-17 Sep, 2024 | 03:23

exacqVision Web Services - Information Exposure

A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.

Vendor-johnsoncontrols Johnson Controls

Product-exacqvision_web_service exacqVision Web Service version 20.12.2.0 and prior

CWE ID-CWE-862

Missing Authorization

CVE-2018-5381

Matching Score-4

Assigner-CERT/CC

View Details

Matching Score-4

Assigner-CERT/CC

CVSS Score-6.5||MEDIUM

EPSS-5.59% / 90.40%

7 Day CHG~0.00%

Published-19 Feb, 2018 | 13:00

Updated-16 Sep, 2024 | 16:17

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Vendor-quagga Quagga Debian GNU/Linux Siemens AG Canonical Ltd.

Product-ubuntu_linux debian_linux quagga ruggedcom_rox_ii_firmware ruggedcom_rox_ii bgpd

CWE ID-CWE-228

Improper Handling of Syntactically Invalid Structure

CWE ID-CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2024-53828

Matching Score-4

Assigner-Ericsson

View Details

Matching Score-4

Assigner-Ericsson

CVSS Score-5.3||MEDIUM

EPSS-0.02% / 6.45%

7 Day CHG~0.00%

Published-01 Apr, 2026 | 09:49

Updated-10 Apr, 2026 | 15:44

Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

Vendor-Ericsson

Product-packet_core_controller Packet Core Controller (PCC)

CWE ID-CWE-228

Improper Handling of Syntactically Invalid Structure

CVE-2021-36199

Credits

VideoEdge

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs