nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_AXISCOMMUNICATION_CVE-2023-5677.NASL
HistoryFeb 12, 2024 - 12:00 a.m.

Axis Communication Multiple Products Remote Code Execution (CVE-2023-5677)

2024-02-12 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
axis communication
remote code execution
cve-2023-5677
vapix api
input validation
authentication
service account
operator privileges
administrator privileges
axis os
security advisory
tenable.ot
scanner

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

Brandon Rothel from QED Secure Solutions found that the VAPIX API tcptest.cgi did not perform sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileged than with administrator-privileged service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin registration branch: taken when the script is loaded with
# `description` set. It only declares metadata and ends with exit(0), so the
# detection code after this block is not reached on this path.
if (description)
{
  script_id(501964);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");

  script_cve_id("CVE-2023-5677");

  script_name(english:"Axis Communication Multiple Products Remote Code Execution (CVE-2023-5677)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Brandon Rothel from QED Secure Solutions has found that the VAPIX API
tcptest.cgi did not have a sufficient input validation allowing for a
possible remote code execution. This flaw can only be exploited after
authenticating with an operator- or administrator-privileged service
account. The impact of exploiting this vulnerability is lower with
operator-privileges compared to administrator-privileges service
accounts. Axis has released patched AXIS OS versions for the
highlighted flaw. Please refer to the Axis security advisory for more
information and solution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Vendor advisory; the shortened see_also link below presumably resolves
  # to this document (confirm):
  # https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c2ca664d");
  # The solution text names no fixed release. The check later in this file
  # uses versionEndExcluding 5.51.7.7 for every listed model.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Au:S (CVSS2) and PR:L (CVSS3) encode the precondition stated in the
  # description: the attacker must first authenticate with an operator- or
  # administrator-privileged service account. The temporal vectors carry E:U,
  # in line with exploit_available being "false" below.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5677");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-94: Improper Control of Generation of Code ('Code Injection').
  script_cwe_id(94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Affected firmware CPEs. The same twelve identifiers are the keys of
  # vuln_cpes in the detection section; keep the two lists in sync.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-l_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-lve_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3025-ve_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7014_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7016_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p1214-e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7214_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7401_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7404_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7414_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7424-r_mk_ii_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the Tenable.ot integration plugin and requires the
  # Tenable.ot/AxisCommunication KB key, which the detection section reads.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/AxisCommunication");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Detection section. Nothing in this file sends a request to the device or
# touches tcptest.cgi: the result comes from asset data handed to a helper
# together with a per-CPE version bound. A finding therefore says the recorded
# firmware is below the bound, not that the flaw was exercised.

# Stop unless the Tenable.ot/AxisCommunication KB key is present.
get_kb_item_or_exit('Tenable.ot/AxisCommunication');

# Asset record for this vendor; its shape is defined by the helper library
# (not visible here).
var ot_asset = tenable_ot::assets::get(vendor:'AxisCommunication');

# Affected firmware CPEs. Every entry carries the same exclusive upper bound,
# 5.51.7.7, and the same family tag. Presumably a version at or above the
# bound is treated as fixed; confirm against tenable_ot_cve_funcs.inc.
var affected_cpes = {
    "cpe:/o:axis:m3024-l_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:m3024-lve_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:m3025-ve_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:m7014_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:m7016_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:p1214-e_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:p7214_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:p7216_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:q7401_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:q7404_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:q7414_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
    "cpe:/o:axis:q7424-r_mk_ii_firmware" : {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"}
};

# Hand the asset and the CPE table to the shared comparison helper. Matches
# are reported at SECURITY_HOLE severity.
tenable_ot::cve::compare_and_report(
    asset:ot_asset,
    cpes:affected_cpes,
    severity:SECURITY_HOLE
);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| axis | m3024-lve_firmware | | cpe:/o:axis:m3024-lve_firmware |
| axis | m3025-ve_firmware | | cpe:/o:axis:m3025-ve_firmware |
| axis | m7014_firmware | | cpe:/o:axis:m7014_firmware |
| axis | m7016_firmware | | cpe:/o:axis:m7016_firmware |
| axis | p1214-e_firmware | | cpe:/o:axis:p1214-e_firmware |
| axis | p7214_firmware | | cpe:/o:axis:p7214_firmware |
| axis | p7216_firmware | | cpe:/o:axis:p7216_firmware |
| axis | q7401_firmware | | cpe:/o:axis:q7401_firmware |
| axis | q7404_firmware | | cpe:/o:axis:q7404_firmware |
| axis | q7424-r_mk_ii_firmware | | cpe:/o:axis:q7424-r_mk_ii_firmware |
Showing rows 1-10 of 121.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%
