Lucene search

HistoryJan 23, 2024 - 12:00 a.m.

Axis Communication P3225 and M3005 Network Cameras Improper Privilege Management (CVE-2017-20049)

2024-01-2300:00:00

www.tenable.com

vulnerability

tenable.ot

axiscommunication

privilege management

cgi script

remote attack

cve-2017-20049

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501939);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/15");

  script_cve_id("CVE-2017-20049");

  script_name(english:"Axis Communication P3225 and M3005 Network Cameras Improper Privilege Management (CVE-2017-20049)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability, was found in legacy Axis devices such as P3225 and
M3005. This affects an unknown part of the component CGI Script. The
manipulation leads to improper privilege management. It is possible to
initiate the attack remotely.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11fa6c2d");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-20049");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(269);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3005_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3007_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3045_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p1204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p3225_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p3367_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/AxisCommunication");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/AxisCommunication');

var asset = tenable_ot::assets::get(vendor:'AxisCommunication');

var vuln_cpes = {
    "cpe:/o:axis:p1204_firmware" :
        {"versionEndIncluding" : "5.50.4", "family" : "AxisCommunication"},
    "cpe:/o:axis:p3225_firmware" :
        {"versionEndIncluding" : "6.30.1", "family" : "AxisCommunication"},
    "cpe:/o:axis:p3367_firmware" :
        {"versionEndIncluding" : "6.10.1.2", "family" : "AxisCommunication"},
    "cpe:/o:axis:m3045_firmware" :
        {"versionEndIncluding" : "6.15.4.1", "family" : "AxisCommunication"},
    "cpe:/o:axis:m3005_firmware" :
        {"versionEndIncluding" : "5.50.5.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:m3007_firmware" :
        {"versionEndIncluding" : "6.30.1.1", "family" : "AxisCommunication"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20049

www.nessus.org/u?11fa6c2d

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Related for TENABLE_OT_AXISCOMMUNICATION_CVE-2017-20049.NASL