Ava-460: Serial number could be leaked in man-in-the-middle attack
14th March 2022.
Under specific video streaming circumstances the Aware instance serial number may be leaked during the Ava Smart Path negotiation.
- Ava Cloud: before 28th June 2021.
- Ava Aware: all versions.
- Ava cameras: all versions.
- Ava Cloud: from 28th June 2021.
A fix was deployed to the Ava Cloud on 28th June 2021. Ava Cloud customers do not need to take any additional action.
- CVE: pending
- CVSSv3 score: 3.1 (Low)
- CVSSv3 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
There are no known mitigations for this issue.
There are no known work arounds for this issue.
Issue found internally by Ava Security.
- 17/06/2021 Issue found internally by Ava Security
- 17/06/2021 Root cause established
- 17/06/2021 Fix identified
- 28/06/2021 Patched Ava Cloud released
- 14/03/2022 Vulnerability publicly disclosed