|
[Japanese]
|
JVNDB-2022-000086
|
Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
|
|
Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability (CWE-200).
Cameron Palmer of PROMON reported this vulnerability to Aiphone Co., Ltd. and coordinated. Aiphone Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
|
|
CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.9 (Low) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
|
AIPHONE CO., LTD.
- GT-DB-VN with firmware versions prior to 2.00
- GT-DMB with firmware versions prior to 3.00
- GT-DMB-LVN with firmware versions prior to 3.00
- GT-DMB-N with firmware versions prior to 3.00
|
|
|
An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device.
|
|
[Use the products with the fixed firmware]
According to the developer, the vulnerability has been fixed since December 2021.
Please inquire the developer the information on the support of the products released before December 2021.
|
|
AIPHONE CO., LTD.
|
|
- Information Exposure(CWE-200) [IPA Evaluation]
|
|
- CVE-2022-40903
|
|
- JVN : JVN#75437943
- National Vulnerability Database (NVD) : CVE-2022-40903
|
|
- [2022/11/10]
Web page was published
- [2024/06/06]
References : Content was added
|
