CVE-2023-26039 — HIGH (7.1)

Q: How severe is CVE-2023-26039?

CVE-2023-26039 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-26039?

Check the references section above for vendor advisories and patch information. Affected products include: Zoneminder Zoneminder.

Vulnerability Description

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zoneminder	Zoneminder	< 1.36.33

Related Weaknesses (CWE)

CWE-78

References

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9gPatchVendor Advisory
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9gPatchVendor Advisory

FAQ

What is CVE-2023-26039?

CVE-2023-26039 is a vulnerability with a CVSS score of 7.1 (HIGH). ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Inject...

How severe is CVE-2023-26039?

CVE-2023-26039 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26039?

Check the references section above for vendor advisories and patch information. Affected products include: Zoneminder Zoneminder.