Vulnerabilities > CVE-2020-24055 - Out-of-bounds Write vulnerability in Verint 4320 Firmware and 5620Ptz Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

verint

CWE-787

NVD

Published: 2020-08-21

Updated: 2020-08-27

Summary

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.

Vulnerable Configurations

Part	Description	Count
OS	Verint Verint 5620Ptz Firmware Verint_Fw_0_42 Verint 4320 Firmware V4320_Fw_0_23 Verint 4320 Firmware V4320_Fw_0_31	3
Hardware	Verint Verint 5620Ptz - Verint 4320 -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://ioac.tv/2Nbc40h
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/