PT-2019-18552 · Zoneminder+1 · Zoneminder+1

Loginsoft-Research

Published

2019-02-04

Updated

2020-08-24

CVE-2019-7347

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Time-of-check Time-of-use (TOCTOU) Race Condition issue exists, allowing a nonexistent user to access and modify records, such as adding or deleting Monitors and Users, because a session remains active for an authenticated user even after their deletion from the users table.

Recommendations For ZoneMinder versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue.

Exploit

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

ALT-PU-2020-1092

ALT-PU-2020-1246

CVE-2019-7347

Affected Products

Alt Linux

Zoneminder

PT-2019-18552 · Zoneminder+1 · Zoneminder+1

CVE-2019-7347

Weakness Enumeration

Related Identifiers

Affected Products

References · 8