Security Advisories

Ava-633: External viewer video wall stream remains accessible after view is unshared
Release Date 28th of July 2022. Overview An external viewer video wall would remain accessible after the associated video wall was unshared from other us...
Tue, 26 Jul, 2022 at 3:34 PM
Ava-636: Old credentials could still be used after being rotated on the Ava Camera web UI
Release Date 28th of July 2022. Overview The Ava Camera web UI would accept old admin credentials even after they had been rotated. Affected Products ...
Tue, 26 Jul, 2022 at 3:34 PM
Ava-657: Possibility for Ava Aware users to see ongoing sensor alarms for sites they lack permissions for
Release Date 28th July 2022. Overview An Ava Aware user with permissions to view alarms from a least one site would also be able to see ongoing sensor al...
Tue, 26 Jul, 2022 at 3:34 PM
Ava-665: An authenticated external viewer could list cameras outside the shared video view
Release Date 28th July 2022. Overview An authenticated external viewer could use the Ava Aware API to list more cameras than those that were added to the...
Tue, 26 Jul, 2022 at 3:34 PM
Ava-670 Preliminary vulnerability advisory
Release Date 14 July 2022. Overview Ava Security have been informed about a vulnerability in the Ava Aware and Ava Cameras software and are resolving the...
Thu, 14 Jul, 2022 at 3:03 PM
Ava-661: Authenticated RTSP stream user could cause availability loss to Ava Aware
Release Date 14th of July 2022. Overview An authenticated RTSP stream user could use the API to force a restart of Ava Aware. Affected Products Ava Aw...
Fri, 8 Jul, 2022 at 11:55 AM
Ava-619: Ava products possibly vulnerable to denial of service or data tampering via TLS
Release Date 8th July 2022. Overview Due to a vulnerability in the Golang's crypto/elliptic package, there was a possibility an attacker might be ab...
Wed, 6 Jul, 2022 at 1:46 PM
Ava-631: SSH shell on Ava Aware and Camera did not timeout
Release Date 8th July 2022. Overview The SSH shell on Ava Aware and Ava Cameras would not time out, allowing a user to remain logged in indefinitely. Af...
Wed, 6 Jul, 2022 at 1:45 PM
Ava-658 Preliminary vulnerability advisory
Release Date 4 July 2022. Overview Ava Security have found a vulnerability in the Ava Aware software and are resolving the issue. Further details relati...
Tue, 5 Jul, 2022 at 11:58 AM
Ava-661 Preliminary vulnerability advisory
Release Date 4 July 2022. Overview Ava Security have found a vulnerability in the Ava Aware software and are resolving the issue. Further details relati...
Tue, 5 Jul, 2022 at 11:55 AM