#VU23599 Missing Authentication for Critical Function in SiNVR 3 Video Server - CVE-2019-18339
Published: December 13, 2019
Vulnerability identifier: #VU23599
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-18339
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SiNVR 3 Video Server
Software vendor:
Siemens
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists because the HTTP service (default port 5401/tcp) contains an authentication bypass. A remote attacker can read the SiNVR users database, including the passwords of all users in obfuscated cleartext.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.