Alta Aware — 1083: Unhandled panic when handling paths with non-UTF-8 characters

:

Alta Aware — 1083: Unhandled panic when handling paths with non-UTF-8 characters

Release Date

14th of February 2024.

Overview

It was discovered that non-UTF-8 characters in the path could trigger a panic in an API endpoint on Ava Cloud.

Affected Products

Ava Cloud: before 24th January 2024.

Unaffected Products

Ava Aware: all versions.
Ava Cameras: all versions.
Ava Cloud: from 24th January 2024

Resolution

A fix was deployed to the Ava Cloud on 24th January 2024. Ava Cloud customers do not need to take any additional action.

Vulnerability Information

CVSSv3 score: 6.5 (Medium)
CVSSv3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Mitigations

There are no known mitigations for this issue.

Work arounds

There are no known work arounds for this issue.

Acknowledgements

Issue found internally by Ava Security.

Disclosure Timeline

23/01/2024 Issue found internally by Ava Security
23/01/2024 Root cause established
23/01/2024 Fix identified
24/01/2024 Patched Ava Cloud released
14/02/2024 Vulnerability publicly disclosed

Avigilon Privacy Statement

Copyright © 2024, Motorola Solutions, Inc.