Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 25, 2024

CVE-2024-8956

High
EPSS 83.6%CISA KEV
PTZOptics/PT30X-SDI/NDI Cameras

Description

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.

EPSS — Exploit Probability

83.6%

Higher than 99.3% of all CVEs

Required Action

https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8956

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
83.6%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Nov 4, 2024

Added to KEV

Nov 4, 2024

Remediation Due

Nov 25, 2024

Affected Product

PTZOptics

PT30X-SDI/NDI Cameras

View all PTZOptics CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE