CVE-2016-7830

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.

CVSS v3 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://jvn.jp/en/jp/JVN42070907/index.html	Third Party Advisory VDB Entry
https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*

OR	cpe:2.3:h:sony:pcs-xg100:-:::::::*
	cpe:2.3:h:sony:pcs-xg100s:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*

cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*

OR	cpe:2.3:h:sony:pcs-xg77:-:::::::*
	cpe:2.3:h:sony:pcs-xg77s:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*

cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-09 16:29

Updated : 2024-02-04 19:29

NVD link : CVE-2016-7830

Mitre link : CVE-2016-7830

CVE.ORG link : CVE-2016-7830

JSON object : View

Products Affected

sony

pcs-xg100s
pcs-xg77s
pcs-xg77
pcs-xg100c
pcs-xc1_firmware
pcs-xc1
pcs-xg77_firmware
pcs-xg77c
pcs-xg100_firmware
pcs-xg100

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2016-7830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-06-09T16:29:01.080", "references": [{"url": "https://jvn.jp/en/jp/JVN42070907/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."}, {"lang": "es", "value": "Dispositivos Sony PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C, PCS-XG77C con versiones de firmware anteriores a la versi\u00f3n 1.51 y dispositivos PCS-XC1 con versi\u00f3n de firmware anterior a la versi\u00f3n 1.22, permiten a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para realizar operaciones administrativas a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-06-22T12:37:48.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D66787-EA68-459A-8B6B-DDE3297A686F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:pcs-xg100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22E568C0-86AF-4886-9709-A83018CE6C2F"}, {"criteria": "cpe:2.3:h:sony:pcs-xg100s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D37C7C1-76E1-42FE-9A64-B3A6DDDA5DC7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:pcs-xg100_firmware:1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB542813-B53F-44BD-B8D5-161667E77411"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:pcs-xg100c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0817A1C4-2A4F-4D79-AC63-100A1D4B5998"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1374A1FF-C50E-442B-9549-E4F388946128"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:pcs-xg77:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "030DCC5E-8633-4086-BAC9-F5FD4E7D46D4"}, {"criteria": "cpe:2.3:h:sony:pcs-xg77s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EEDB48B7-9DC3-422D-A649-7B7C094B4ED8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:pcs-xg77_firmware:1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C667897-92BE-45E7-9B4D-426D80511D67"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:pcs-xg77c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "657B512E-81A1-4603-904E-1875814BF48B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sony:pcs-xc1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D21324B-1210-4E7F-80FB-3FD284035B7A", "versionEndIncluding": "1.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sony:pcs-xc1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8141874D-CF91-4A17-A56E-EE8B10E0C66B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}