Lucene search

[email protected]NVD:CVE-2015-8257

HistoryMay 02, 2017 - 2:59 p.m.

CVE-2015-8257

2017-05-0214:59:00

CWE-77

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

Affected configurations

Nvd

Node

axisnetwork_camera_firmwareMatch-

AND

axiscannon_network_cameraMatch-

axisexplosion-protected_cameraMatch-

axisfixed_box_cameraMatch-

axisfixed_bullet_cameraMatch-

axisfixed_dome_cameraMatch-

axismodular_cameraMatch-

axisonboard_cameraMatch-

axispanoramic_cameraMatch-

axisptz_cameraMatch-

axisthermal_cameraMatch-

VendorProductVersionCPE
axisnetwork_camera_firmware-cpe:2.3:o:axis:network_camera_firmware:-:*:*:*:*:*:*:*
axiscannon_network_camera-cpe:2.3:h:axis:cannon_network_camera:-:*:*:*:*:*:*:*
axisexplosion-protected_camera-cpe:2.3:h:axis:explosion-protected_camera:-:*:*:*:*:*:*:*
axisfixed_box_camera-cpe:2.3:h:axis:fixed_box_camera:-:*:*:*:*:*:*:*
axisfixed_bullet_camera-cpe:2.3:h:axis:fixed_bullet_camera:-:*:*:*:*:*:*:*
axisfixed_dome_camera-cpe:2.3:h:axis:fixed_dome_camera:-:*:*:*:*:*:*:*
axismodular_camera-cpe:2.3:h:axis:modular_camera:-:*:*:*:*:*:*:*
axisonboard_camera-cpe:2.3:h:axis:onboard_camera:-:*:*:*:*:*:*:*
axispanoramic_camera-cpe:2.3:h:axis:panoramic_camera:-:*:*:*:*:*:*:*
axisptz_camera-cpe:2.3:h:axis:ptz_camera:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
axis	network_camera_firmware	-	cpe:2.3:o:axis:network_camera_firmware:-:::::::*
axis	cannon_network_camera	-	cpe:2.3:h:axis:cannon_network_camera:-:::::::*
axis	explosion-protected_camera	-	cpe:2.3:h:axis:explosion-protected_camera:-:::::::*
axis	fixed_box_camera	-	cpe:2.3:h:axis:fixed_box_camera:-:::::::*
axis	fixed_bullet_camera	-	cpe:2.3:h:axis:fixed_bullet_camera:-:::::::*
axis	fixed_dome_camera	-	cpe:2.3:h:axis:fixed_dome_camera:-:::::::*
axis	modular_camera	-	cpe:2.3:h:axis:modular_camera:-:::::::*
axis	onboard_camera	-	cpe:2.3:h:axis:onboard_camera:-:::::::*
axis	panoramic_camera	-	cpe:2.3:h:axis:panoramic_camera:-:::::::*
axis	ptz_camera	-	cpe:2.3:h:axis:ptz_camera:-:::::::*

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html

www.securityfocus.com/bid/92159

www.exploit-db.com/exploits/40171/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

Related for NVD:CVE-2015-8257

exploitdb1 cvelist1 exploitpack1 prion1 packetstorm1 zdt1 cve1