Alta Video — 1594: Recovery mode logs included URL allowing overwriting data in GCP storage bucket
Release Date
10th February 2025.
Overview
A vulnerability allowing unauthorized modification of a GCP storage bucket was identified in the camera's recovery mode logging. The camera logs included the GCP bucket's upload URL, which granted access to modify data in the bucket for a short time window. Exploiting this vulnerability required pre-existing access to the camera logs. Exploitation was limited to overwriting data within the bucket; read access was not granted.
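One way to keep such URLs out of logs and to audit existing logs for them, as an added example (not Avigilon's code or its fix). It assumes the logged upload URL was a Cloud Storage signed URL or a resumable-upload session URI, which the advisory does not state; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameters that turn a Cloud Storage URL into a bearer credential:
# V4 signed URLs (X-Goog-*), V2 signed URLs (Signature), resumable sessions (upload_id).
SENSITIVE = {"x-goog-signature", "x-goog-credential", "signature", "upload_id"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def _scrub(url):
    """Return (scrubbed_url, names_of_redacted_params)."""
    parts = urlsplit(url)
    hits, query = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            hits.append(name)
            value = "REDACTED"
        query.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(query))), hits

def redact_line(line):
    """Redact credential parameters in every URL on a log line."""
    found = []
    def repl(match):
        clean, hits = _scrub(match.group(0))
        found.extend(hits)
        # Leave URLs without credential parameters byte-for-byte unchanged.
        return clean if hits else match.group(0)
    return URL_RE.sub(repl, line), found

def audit(lines):
    """1-based numbers of log lines that carried a usable upload URL."""
    return [n for n, line in enumerate(lines, 1) if redact_line(line)[1]]

SAMPLE_LOG = [  # constructed lines, not real camera output
    "recovery: starting log upload",
    "recovery: PUT https://storage.googleapis.com/example-bucket/logs/cam1.tgz"
    "?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Expires=900&X-Goog-Signature=abc123",
    "recovery: resume https://storage.googleapis.com/upload/storage/v1/b/example-bucket/o"
    "?uploadType=resumable&upload_id=EXAMPLE-SESSION",
    "recovery: fetched https://example.com/firmware?channel=stable",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry)[0])
```

The host and object path stay in the log for debugging; only the parameters that authorize the write are replaced.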
Affected Products
- Avigilon Cloud-Native Cameras:
  - All Stable upgrade channel versions before 7.0.8.
  - All Beta upgrade channel versions before 7.0.4.
Unaffected Products
- Alta Video: all versions.
- Avigilon Cloud-Native Cameras:
  - All Stable upgrade channel versions after and including 7.0.8.
  - All Beta upgrade channel versions after and including 7.0.4.
- Alta Video Cloud: all versions.
Resolution
This issue has been fixed in Avigilon Cloud-Native Cameras Beta upgrade channel version 7.0.4 and Stable upgrade channel version 7.0.8.
It is *strongly recommended* that all installations running an affected version are upgraded to the latest release as soon as possible. Releases are available to download through the
Vulnerability Information
- CVSSv3 score: 4.3 (Medium)
- CVSSv3 vector: [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Mitigations
There are no known mitigations for this issue.
Workarounds
There are no known workarounds for this issue.
Acknowledgements
Issue discovered internally.
Disclosure Timeline
- 19/07/2024 Issue found
- 17/07/2024 Root cause established
- 22/07/2024 Fix identified
- 25/07/2024 Patched Avigilon Cloud-Native Cameras (Beta upgrade channel) released
- 27/08/2024 Patched Avigilon Cloud-Native Cameras (Stable upgrade channel) released
- 10/02/2025 Vulnerability publicly disclosed