Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-30620

Summary
Assigner-INCD
Assigner Org ID-a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f
Published At-18 Jul, 2022 | 12:54
Updated At-17 Sep, 2024 | 01:21
Rejected At-
Credits

Cellinx NVT – IP PTZ Camera Privilege Escalation

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the camera.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:INCD
Assigner Org ID:a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f
Published At:18 Jul, 2022 | 12:54
Updated At:17 Sep, 2024 | 01:21
Rejected At:
▼CVE Numbering Authority (CNA)
Cellinx NVT – IP PTZ Camera Privilege Escalation

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the camera.

Affected Products
Vendor
Cellinx
Product
Cellinx NVT - IP PTZ Camera
Versions
Affected
  • From 3.2.1 before 3.2.0* (custom)
Problem Types
TypeCWE IDDescription
textN/APrivilege Escalation
Type: text
CWE ID: N/A
Description: Privilege Escalation
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
MetaData
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gov.il/en/departments/faq/cve_advisories
x_refsource_MISC
Hyperlink: https://www.gov.il/en/departments/faq/cve_advisories
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gov.il/en/departments/faq/cve_advisories
x_refsource_MISC
x_transferred
Hyperlink: https://www.gov.il/en/departments/faq/cve_advisories
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@cyber.gov.il
Published At:18 Jul, 2022 | 13:15
Updated At:08 Aug, 2023 | 14:22

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the camera.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
CPE Matches
cellinx
cellinx
>>cellinx_nvt_-_ip_ptz_camera_firmware>>3.2.0
cpe:2.3:o:cellinx:cellinx_nvt_-_ip_ptz_camera_firmware:3.2.0:*:*:*:*:*:*:*
cellinx
cellinx
>>cellinx_nvt_-_ip_ptz_camera_firmware>>3.2.1
cpe:2.3:o:cellinx:cellinx_nvt_-_ip_ptz_camera_firmware:3.2.1:*:*:*:*:*:*:*
cellinx
cellinx
>>cellinx_nvt_-_ip_ptz_camera>>-
cpe:2.3:h:cellinx:cellinx_nvt_-_ip_ptz_camera:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-565Primarynvd@nist.gov
CWE ID: CWE-565
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.gov.il/en/departments/faq/cve_advisoriescna@cyber.gov.il
Third Party Advisory
Hyperlink: https://www.gov.il/en/departments/faq/cve_advisories
Source: cna@cyber.gov.il
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2016-15002
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.29% / 51.43%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 06:15
Updated-15 Apr, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MONyog Ultimate Cookie privileges management

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-ideracorpunspecified
Product-webyog_monyog_ultimateMONyog Ultimate
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2024-9970
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 03:36
Updated-17 Oct, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NewType FlowMaster BPM Plus - Privilege Escalation

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.

Action-Not Available
Vendor-newtypeNewTypenew_type
Product-flowmaster_bpm_plusFlowMaster BPM Plusflowmaster_bpm_plus
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2021-41263
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.20% / 42.03%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 20:10
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure/signed cookies share secrets between sites in rails_multisite

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-rails_multisiterails_multisite
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22186
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 22:08
Updated-08 Aug, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.

Action-Not Available
Vendor-Electrolinkelectrolink
Product-VHF TV TransmitterDigital FM TransmitterUHF TV TransmitterCompact FM TransmitterCompact DAB TransmitterHigh Power DAB TransmitterMedium DAB TransmitterModular FM Transmitterhigh power dab transmitteruhf tv transmitterdigital fm transmittermedium dab transmittermodular fm transmittervhf tv transmittercompact fm transmittercompact dab transmitter
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
Details not found