PT-2019-17422 · Nest · Nest Cam Iq Indoor

Claudio Bozzato

Publicado

2019-08-20

Atualizado

2022-06-27

CVE-2019-5036

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Nest Cam IQ Indoor version 4620002

Description A denial-of-service issue exists in the Weave error reporting functionality. It can be triggered by a specially crafted weave packet, causing an arbitrary Weave Exchange Session to close. This results in a denial of service. An attacker can exploit this by sending a specially crafted packet.

Recommendations For Nest Cam IQ Indoor version 4620002, consider disabling the Weave error reporting functionality as a temporary workaround until a patch is available. Restrict access to the Weave Exchange Session to minimize the risk of exploitation. Avoid using specially crafted weave packets in the affected functionality until the issue is resolved.

Exploit

Correção

Improper Access Control

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-346

Identificadores relacionados

CVE-2019-5036

Produtos afetados

Nest Cam Iq Indoor

PT-2019-17422 · Nest · Nest Cam Iq Indoor

CVE-2019-5036

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3