CVE-2019-5036

CWE-284 — Improper Access Control CWE-3463 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 78.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Nest CAM IQ Indoor Firmware

Timeline

PublishedAug 20

Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/nest_cam_iq_indoor_firmware4620002

▶CVEListV5nest_labsNest Labs Nest Cam IQ Indoor version 4620002

🔴Vulnerability Details

GHSA

GHSA-mw53-8qf5-qwp2: An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002↗2022-05-24

▶

CVEList

CVE-2019-5036: An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002↗2019-08-20

▶