FKIE_CVE-2021-38701
Vulnerability from fkie_nvd - Published: 2021-12-15 07:15 - Updated: 2024-11-21 06:17
Severity ?
Summary
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| motorola | t008_firmware | * | |
| motorola | t008 | - | |
| motorola | t100_firmware | * | |
| motorola | t100 | - | |
| motorola | t101_firmware | * | |
| motorola | t101 | - | |
| motorola | t102_firmware | * | |
| motorola | t102 | - | |
| motorola | t103_firmware | * | |
| motorola | t103 | - | |
| motorola | t200_firmware | * | |
| motorola | t200 | - | |
| motorola | t201_firmware | * | |
| motorola | t201 | - | |
| motorola | t204_firmware | * | |
| motorola | t204 | - | |
| motorola | t205_firmware | * | |
| motorola | t205 | - | |
| motorola | t290_firmware | * | |
| motorola | t290 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD42F596-151C-43BF-821C-1157F58EF750",
"versionEndExcluding": "2.2.0.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14021E52-2D46-4C9F-A004-85DA30D53C0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F78434DC-8D0E-4ABA-8FF2-84611D215F96",
"versionEndExcluding": "2.6.0.180",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF5D73D-15F4-4FAF-9BCA-3C43B992DBF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4690115-A15D-4984-9D1C-F64D2760A98E",
"versionEndExcluding": "2.6.0.180",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B178C9-6B65-4175-845B-54468AF25FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87B4B6E2-377F-4311-A74E-422AD6C00559",
"versionEndExcluding": "2.6.0.180",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F47D0AE7-05E3-4E9A-A948-591500CBA5C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E638D409-219A-4FAA-BFDE-97DC142698CD",
"versionEndExcluding": "2.6.0.180",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "985191A5-6159-4E74-9522-0F1CD6C66A4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "748E41DD-08E0-4D31-B4F6-08475B89303D",
"versionEndExcluding": "4.10.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B84A6-833D-4AA1-9BD5-860521BF4297",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t201_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384EC8FE-DF26-4707-807C-5CF33D8283A0",
"versionEndExcluding": "4.10.0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC7B880-5BE4-498C-9204-26ABA5EA29F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAB44E1-E0BA-40AF-AEB8-6A6E69BE400D",
"versionEndExcluding": "3.28.0.166",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10037964-91DC-44C6-8CBE-69BCD3B8622D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t205_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49ADCACA-11CF-42D8-811D-2279F069165F",
"versionEndExcluding": "4.12.0.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0576B7DA-85AA-4312-ABE4-82C1B68C1747",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:t290_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF7DF80-0D08-4205-B1BF-1AEBAB37B9FC",
"versionEndExcluding": "4.4.0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:t290:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8989C8-27A7-48EE-A1AE-F1F5AF47439F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180."
},
{
"lang": "es",
"value": "Determinados dispositivos Avigilon de Motorola Solutions permiten un ataque de tipo XSS en la interfaz de usuario administrativa. Esto afecta a dispositivos T200/201 versiones anteriores a 4.10.0.68; T290 versiones anteriores a 4.4.0.80; T008 versiones anteriores a 2.2.0.86; T205 versiones anteriores a 4.12.0.62; T204 versiones anteriores a 3.28.0.166; y T100, T101, T102 y T103 versiones anteriores a 2.6.0.180"
}
],
"id": "CVE-2021-38701",
"lastModified": "2024-11-21T06:17:56.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T07:15:07.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…