CVE-2023-26035 Scanner
CVE-2023-26035 Scanner - Remote Code Execution (RCE) vulnerability in ZoneMinder
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 6 hours
Scan only one: Domain, IPv4
Toolbox: -
ZoneMinder is utilized by institutions and individuals needing advanced surveillance capabilities. It supports a range of camera types, including IP, USB, and Analog, and operates primarily on Linux systems. Notably, it's an open-source alternative, which makes it a cost-effective solution for various monitoring needs. Administrators and IT managers applaud its comprehensive functionality tailored for security purposes. Many deploy ZoneMinder in environments where monitoring multiple camera feeds is crucial. Its flexibility and open-source nature cater to diverse operational requirements in surveillance.
The vulnerability is a command injection flaw in ZoneMinder. It arises from inadequate authorization checks in the snapshot actions, which are accessible without authentication. This lets unauthorized users execute arbitrary commands by crafting specific requests. Because the affected code passes input to shell execution functions, attackers can manipulate that input to gain unauthorized access and control. The potential for remote code execution is what makes this vulnerability critical. Enforcing proper authorization on all endpoints would mitigate this risk.
The vulnerable endpoint is the snapshot action URL, where the missing checks leave it exposed. Attackers exploit this by manipulating the ‘id’ parameter, which is normally used to fetch an existing monitor snapshot. Instead of a monitor identifier, they inject commands that the server erroneously processes and executes. The absence of permission checks compounds the risk, because any unauthenticated user has this access. The use of shell_exec calls makes the impact worse, since any command injected through user input is executed. Fixing the issue involves implementing stricter access controls and sanitizing inputs before processing.
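The two mitigations named above (an authorization check and input validation ahead of any shell call) are shown here as an added example, not ZoneMinder's code or its actual fix. The function names, the `can_view_snapshots` session key and the `echo` placeholder command are hypothetical, and the functions only build the command line rather than run it.

```php
<?php
// Added illustration; NOT ZoneMinder source. Function names, the session key
// and the `echo` placeholder command are all hypothetical.

// Weak pattern described above: no authorization check, and the request's
// id value is concatenated straight into a shell command line.
function snapshot_weak(array $request): string
{
    return 'echo snapshot-for-monitor ' . $request['id'];   // would go to shell_exec()
}

// Corrected pattern: authorize first, accept only a decimal monitor id,
// and still escape the argument as defence in depth.
function snapshot_hardened(array $request, array $session): string
{
    if (empty($session['can_view_snapshots'])) {
        throw new RuntimeException('403: not authorized');
    }
    $id = $request['id'] ?? '';
    if (!is_string($id) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $id)) {
        throw new InvalidArgumentException('400: id must be a positive integer');
    }
    return 'echo snapshot-for-monitor ' . escapeshellarg($id);
}

// Constructed inputs: a normal id and one carrying a shell metacharacter.
$samples = [['id' => '7'], ['id' => '7; echo INJECTED']];
$session = ['can_view_snapshots' => true];

foreach ($samples as $req) {
    echo 'weak     : ', snapshot_weak($req), PHP_EOL;
    try {
        echo 'hardened : ', snapshot_hardened($req, $session), PHP_EOL;
    } catch (Exception $e) {
        echo 'hardened : rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}

// Same valid id, but no session: refused before the id is even parsed.
try {
    snapshot_hardened(['id' => '7'], []);
} catch (RuntimeException $e) {
    echo 'no auth  : rejected (', $e->getMessage(), ')', PHP_EOL;
}
```

In the weak form the second sample reaches the shell as two commands; in the hardened form it is rejected before any command line is built.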
If exploited, this vulnerability allows attackers to execute arbitrary commands at the server level, leading to various malicious outcomes. Unauthorized access to system functions can compromise data integrity and confidentiality. Attackers might deploy scripts or malware, disrupt services, or exfiltrate sensitive information, thereby breaching the secure operational environment. The possible repercussions emphasize the importance of immediate remediation to prevent system exploitation. Failure to mitigate can expose systems to prolonged unauthorized access, leading to data breaches or loss of operational functionality.
REFERENCES
- https://www.rapid7.com/db/modules/exploit/unix/webapp/zoneminder_snapshots/
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
- https://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html
- https://github.com/rvizx/CVE-2023-26035
- https://nvd.nist.gov/vuln/detail/CVE-2023-26035