ID

VAR-200705-0404


CVE

CVE-2007-2680


TITLE

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-000301

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

Input passed to certain parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION: Update to the latest firmware versions.
VB100 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb100farm.html
VB101 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb101farm.html
VB150 V1.1 R41: http://cweb.canon.jp/drv-upd/webview/vb150farm.html

PROVIDED AND/OR DISCOVERED BY: Reported in a JVN repository.

ORIGINAL ADVISORY: Canon: http://cweb.canon.jp/drv-upd/webview/notification.html

OTHER REFERENCES: JVN#06735665: http://jvn.jp/jp/JVN%2306735665/

Trust: 2.07

sources: NVD: CVE-2007-2680 // JVNDB: JVNDB-2007-000301 // BID: 23560 // VULHUB: VHN-26042 // PACKETSTORM: 56086

AFFECTED PRODUCTS

vendor: canon, model: network camera server vb150, scope: eq, version: 1.1

Trust: 1.6

vendor: canon, model: network camera server vb100, scope: eq, version: 3.0

Trust: 1.6

vendor: canon, model: network camera server vb101, scope: eq, version: 3.0

Trust: 1.6

vendor: canon, model: network camera server, scope: lte, version: vb100 and vb101 firmware ver. 3.0 rev.69

Trust: 0.8

vendor: canon, model: network camera server, scope: lte, version: vb150 firmware ver. 1.1 rev.39

Trust: 0.8

vendor: canon, model: network camera server vb150 firm r39, scope: eq, version: v1.1

Trust: 0.3

vendor: canon, model: network camera server vb101 firm r69, scope: eq, version: v3.0

Trust: 0.3

vendor: canon, model: network camera server vb100 firm r69, scope: eq, version: v3.0

Trust: 0.3

vendor: canon, model: network camera server vb150 firm r41, scope: ne, version: v1.1

Trust: 0.3

vendor: canon, model: network camera server vb101 firm r71, scope: ne, version: v3.0

Trust: 0.3

vendor: canon, model: network camera server vb100 firm r71, scope: ne, version: v3.0

Trust: 0.3

sources: BID: 23560 // JVNDB: JVNDB-2007-000301 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2680
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2007-000301
value: LOW

Trust: 0.8

CNNVD: CNNVD-200705-282
value: MEDIUM

Trust: 0.6

VULHUB: VHN-26042
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-2680
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2007-000301
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-26042
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26042 // JVNDB: JVNDB-2007-000301 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-282

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:canon:network_camera_server"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2007-000301

PATCH

title: 2007/4/19, url: http://cweb.canon.jp/drv-upd/webview/notification.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000301

EXTERNAL IDS

db: SECUNIA, id: 24940

Trust: 2.6

db: NVD, id: CVE-2007-2680

Trust: 2.5

db: BID, id: 23560

Trust: 2.0

db: OSVDB, id: 35019

Trust: 1.7

db: VUPEN, id: ADV-2007-1461

Trust: 1.7

db: JVN, id: JVN06735665

Trust: 0.8

db: JVNDB, id: JVNDB-2007-000301

Trust: 0.8

db: CNNVD, id: CNNVD-200705-282

Trust: 0.7

db: JVN, id: JVN#06735665

Trust: 0.6

db: VULHUB, id: VHN-26042

Trust: 0.1

db: PACKETSTORM, id: 56086

Trust: 0.1

sources: VULHUB: VHN-26042 // BID: 23560 // JVNDB: JVNDB-2007-000301 // PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

REFERENCES

url:http://cweb.canon.jp/drv-upd/webview/notification.html

Trust: 2.1

url:http://jvn.jp/jp/jvn%2306735665/

Trust: 2.1

url:http://www.securityfocus.com/bid/23560

Trust: 1.7

url:http://osvdb.org/35019

Trust: 1.7

url:http://secunia.com/advisories/24940

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/1461

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/1461

Trust: 1.1

url:http://secunia.com/advisories/24940/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2680

Trust: 0.8

url:http://jvn.jp/en/jp/jvn06735665/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2680

Trust: 0.8

url:http://cweb.canon.jp/drv-upd/webview/vb100farm.html

Trust: 0.4

url:http://cweb.canon.jp/drv-upd/webview/vb101farm.html

Trust: 0.4

url:http://cweb.canon.jp/drv-upd/webview/vb150farm.html

Trust: 0.4

url:http://www.canon.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/trial/38/request/

Trust: 0.1

url:http://secunia.com/product/14000/

Trust: 0.1

url:http://secunia.com/product/14002/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/14001/

Trust: 0.1

sources: VULHUB: VHN-26042 // BID: 23560 // JVNDB: JVNDB-2007-000301 // PACKETSTORM: 56086 // CNNVD: CNNVD-200705-282 // NVD: CVE-2007-2680

CREDITS

JVN is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 23560 // CNNVD: CNNVD-200705-282

SOURCES

db: VULHUB, id: VHN-26042
db: BID, id: 23560
db: JVNDB, id: JVNDB-2007-000301
db: PACKETSTORM, id: 56086
db: CNNVD, id: CNNVD-200705-282
db: NVD, id: CVE-2007-2680

LAST UPDATE DATE

2024-11-23T22:09:54.228000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26042, date: 2011-03-08T00:00:00
db: BID, id: 23560, date: 2007-04-19T20:51:00
db: JVNDB, id: JVNDB-2007-000301, date: 2008-05-21T00:00:00
db: CNNVD, id: CNNVD-200705-282, date: 2007-06-14T00:00:00
db: NVD, id: CVE-2007-2680, date: 2024-11-21T00:31:23.660

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26042, date: 2007-05-15T00:00:00
db: BID, id: 23560, date: 2007-04-18T00:00:00
db: JVNDB, id: JVNDB-2007-000301, date: 2008-05-21T00:00:00
db: PACKETSTORM, id: 56086, date: 2007-04-20T06:48:40
db: CNNVD, id: CNNVD-200705-282, date: 2007-05-14T00:00:00
db: NVD, id: CVE-2007-2680, date: 2007-05-15T00:19:00