nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_AXISCOMMUNICATION_CVE-2018-9156.NASL
History: Jan 23, 2024 - 12:00 a.m.

Axis Communication P1354 IP Camera Remote Code Execution (CVE-2018-9156)

2024-01-23 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
axis communication
p1354
ip camera
remote code execution
cve-2018-9156
firmware
security issue
file upload
webshell
apache http server
vulnerability
tenable.ot
tenable

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.4%

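An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn’t verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with `<!--#exec cmd=` support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.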

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata branch: when `description` is set, the script only registers the
# plugin's identity, text and scoring below, then leaves through exit(0) before
# any of the check logic further down the file runs.
if (description)
{
  script_id(501936);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/15");

  script_cve_id("CVE-2018-9156");

  script_name(english:"Axis Communication P1354 IP Camera Remote Code Execution (CVE-2018-9156)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # NOTE(review): the description itself records that the vendor reportedly
  # treats the upload behaviour as intended functionality, so a finding from
  # this plugin is a disputed CVE. Triage should weigh who can reach the
  # camera's web interface rather than expecting a firmware fix.
  script_set_attribute(attribute:"description", value:
"An issue was discovered on AXIS P1354 (IP camera) Firmware version
5.90.1.1 devices. The upload web page doesn't verify the file type,
and an attacker can upload a webshell by making a fileUpload.shtml
request for a custom .shtml file, which is interpreted by the Apache
HTTP Server mod_include module with <!--#exec cmd= support. The file
needs to include a specific string to meet the internal system
architecture. After the webshell upload, an attacker can use the
webshell to perform remote code execution such as running a system
command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly
indicates that this is an intended feature or functionality

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.slideshare.net/secret/aewA1dZwZ9FQ8g");
  # NOTE(review): the solution text names no concrete remediation. Given the
  # vendor position quoted in the description, operators presumably have to rely
  # on compensating controls (restricting access to the device's management
  # interface, network segmentation) - confirm against current vendor guidance.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Base vectors are attributed to the CVE record (see cvss_score_source).
  # NOTE(review): the temporal vectors use RL:OF / RL:O (official fix), and
  # patch_publication_date below equals vuln_publication_date. That sits oddly
  # with the "intended feature" note in the description - verify that a fix
  # was actually published before relying on these fields.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9156");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # CWE-434: Unrestricted Upload of File with Dangerous Type.
  script_cwe_id(434);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # The CPE names exactly one firmware build, 5.90.1.1.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p1354_firmware:5.90.1.1");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the Tenable.ot API integration plugin and requires the
  # 'Tenable.ot/AxisCommunication' key, so it is only relevant where that
  # integration has recorded an Axis Communication asset.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/AxisCommunication");

  # Metadata registered; stop before the check logic.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Gate: exit unless the knowledge base holds the Axis Communication key that
# the Tenable.ot integration is expected to set.
get_kb_item_or_exit('Tenable.ot/AxisCommunication');

# Asset record for this vendor, as supplied by the Tenable.ot helper library.
var axis_asset = tenable_ot::assets::get(vendor:'AxisCommunication');

# Affected firmware, keyed by CPE. Start and end bounds are both inclusive and
# both 5.90.1.1, so only that exact build is listed as vulnerable.
var affected_cpes = {
  "cpe:/o:axis:p1354_firmware:5.90.1.1" : {
    "versionEndIncluding" : "5.90.1.1",
    "versionStartIncluding" : "5.90.1.1",
    "family" : "AxisCommunication"
  }
};

# NOTE(review): nothing in this script contacts the camera's upload page. The
# result presumably rests on the firmware version Tenable.ot recorded for the
# asset, so a report means "listed firmware build present", not "upload path
# confirmed reachable" - verify exposure of the web interface separately.
tenable_ot::cve::compare_and_report(
  asset:axis_asset,
  cpes:affected_cpes,
  severity:SECURITY_HOLE
);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| axis | p1354_firmware | 5.90.1.1 | cpe:/o:axis:p1354_firmware:5.90.1.1 |

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.4%
