Details of VAR-200705-0404

ID

VAR-200705-0404

CVE

CVE-2007-2680

TITLE

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-000301

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. Input passed to certain parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to the latest firmware versions. VB100 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb100farm.html VB101 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb101farm.html VB150 V1.1 R41: http://cweb.canon.jp/drv-upd/webview/vb150farm.html PROVIDED AND/OR DISCOVERED BY: Reported in a JVN repository. ORIGINAL ADVISORY: Canon: http://cweb.canon.jp/drv-upd/webview/notification.html OTHER REFERENCES: JVN#06735665: http://jvn.jp/jp/JVN%2306735665/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2680 // JVNDB: JVNDB-2007-000301 // BID: 23560 // VULHUB: VHN-26042 // PACKETSTORM: 56086

AFFECTED PRODUCTS

vendor:	canon	model:	network camera server vb150	scope:	eq	version:	1.1	Trust: 1.6
vendor:	canon	model:	network camera server vb100	scope:	eq	version:	3.0	Trust: 1.6
vendor:	canon	model:	network camera server vb101	scope:	eq	version:	3.0	Trust: 1.6
vendor:	canon	model:	network camera server	scope:	lte	version:	vb100 and vb101 firmware ver. 3.0 rev.69	Trust: 0.8
vendor:	canon	model:	network camera server	scope:	lte	version:	vb150 firmware ver. 1.1 rev.39	Trust: 0.8
vendor:	canon	model:	network camera server vb150 firm r39	scope:	eq	version:	v1.1	Trust: 0.3
vendor:	canon	model:	network camera server vb101 firm r69	scope:	eq	version:	v3.0	Trust: 0.3
vendor:	canon	model:	network camera server vb100 firm r69	scope:	eq	version:	v3.0	Trust: 0.3
vendor:	canon	model:	network camera server vb150 firm r41	scope:	ne	version:	v1.1	Trust: 0.3
vendor:	canon	model:	network camera server vb101 firm r71	scope:	ne	version:	v3.0	Trust: 0.3
vendor:	canon	model:	network camera server vb100 firm r71	scope:	ne	version:	v3.0	Trust: 0.3

sources: BID: 23560 // JVNDB: JVNDB-2007-000301 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2680
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2007-000301
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200705-282
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-26042
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-2680
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2007-000301
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-26042
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26042 // JVNDB: JVNDB-2007-000301 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-282

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:canon:network_camera_server"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2007-000301

PATCH

title:

2007/4/19

url:

http://cweb.canon.jp/drv-upd/webview/notification.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000301

EXTERNAL IDS

db:	SECUNIA	id:	24940	Trust: 2.6
db:	NVD	id:	CVE-2007-2680	Trust: 2.5
db:	BID	id:	23560	Trust: 2.0
db:	OSVDB	id:	35019	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1461	Trust: 1.7
db:	JVN	id:	JVN06735665	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-000301	Trust: 0.8
db:	CNNVD	id:	CNNVD-200705-282	Trust: 0.7
db:	JVN	id:	JVN#06735665	Trust: 0.6
db:	VULHUB	id:	VHN-26042	Trust: 0.1
db:	PACKETSTORM	id:	56086	Trust: 0.1

sources: VULHUB: VHN-26042 // BID: 23560 // JVNDB: JVNDB-2007-000301 // PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

REFERENCES

url:	http://cweb.canon.jp/drv-upd/webview/notification.html	Trust: 2.1
url:	http://jvn.jp/jp/jvn%2306735665/	Trust: 2.1
url:	http://www.securityfocus.com/bid/23560	Trust: 1.7
url:	http://osvdb.org/35019	Trust: 1.7
url:	http://secunia.com/advisories/24940	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2007/1461	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2007/1461	Trust: 1.1
url:	http://secunia.com/advisories/24940/	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2680	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn06735665/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2680	Trust: 0.8
url:	http://cweb.canon.jp/drv-upd/webview/vb100farm.html	Trust: 0.4
url:	http://cweb.canon.jp/drv-upd/webview/vb101farm.html	Trust: 0.4
url:	http://cweb.canon.jp/drv-upd/webview/vb150farm.html	Trust: 0.4
url:	http://www.canon.com/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/trial/38/request/	Trust: 0.1
url:	http://secunia.com/product/14000/	Trust: 0.1
url:	http://secunia.com/product/14002/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/14001/	Trust: 0.1

sources: VULHUB: VHN-26042 // BID: 23560 // JVNDB: JVNDB-2007-000301 // PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

CREDITS

JVN is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 23560 // CNNVD: CNNVD-200705-282

SOURCES

db:	VULHUB	id:	VHN-26042
db:	BID	id:	23560
db:	JVNDB	id:	JVNDB-2007-000301
db:	PACKETSTORM	id:	56086
db:	CNNVD	id:	CNNVD-200705-282
db:	NVD	id:	CVE-2007-2680

LAST UPDATE DATE

2024-11-23T22:09:54.228000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26042	date:	2011-03-08T00:00:00
db:	BID	id:	23560	date:	2007-04-19T20:51:00
db:	JVNDB	id:	JVNDB-2007-000301	date:	2008-05-21T00:00:00
db:	CNNVD	id:	CNNVD-200705-282	date:	2007-06-14T00:00:00
db:	NVD	id:	CVE-2007-2680	date:	2024-11-21T00:31:23.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26042	date:	2007-05-15T00:00:00
db:	BID	id:	23560	date:	2007-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2007-000301	date:	2008-05-21T00:00:00
db:	PACKETSTORM	id:	56086	date:	2007-04-20T06:48:40
db:	CNNVD	id:	CNNVD-200705-282	date:	2007-05-14T00:00:00
db:	NVD	id:	CVE-2007-2680	date:	2007-05-15T00:19:00