CVE-2023-26035

EUVD-2023-29921
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
GitHub_MCNA
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
zoneminderzoneminder
𝑥
< 1.36.33
zoneminderzoneminder
1.37.00 ≤
𝑥
< 1.37.33
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zoneminder
bookworm
1.36.33+dfsg1-1
fixed
bullseye
unimportant
sid
1.36.33+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zoneminder
bionic
dne
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr