CVE-2022-28860

Medium

5.9/10

Summary

An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Jul 21, 2022

CVE-2022-28860

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS