TOCTOU Race Condition in ZoneMinder: Persistent Session Access Vulnerability

TOCTOU Race Condition in ZoneMinder: Persistent Session Access Vulnerability

CVE-2019-7347 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).

Learn more about our User Device Pen Test.