10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.8%
ACTi Cameras are prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:acti:acti";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106649");
script_version("2023-07-25T05:05:58+0000");
script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
script_tag(name:"creation_date", value:"2017-03-14 12:58:36 +0700 (Tue, 14 Mar 2017)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-09 23:27:00 +0000 (Wed, 09 Oct 2019)");
script_cve_id("CVE-2017-3184", "CVE-2017-3185", "CVE-2017-3186");
script_tag(name:"qod_type", value:"remote_vul");
script_tag(name:"solution_type", value:"WillNotFix");
script_name("ACTi Cameras Multiple Vulnerabilities");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_acti_devices_detect.nasl");
script_mandatory_keys("acti_device/detected");
script_tag(name:"summary", value:"ACTi Cameras are prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Tries to access the factory reset page and checks the response.");
script_tag(name:"insight", value:"ACTi Cameras are prone to multiple vulnerabilities:
- Missing authentication for the factory reset page. (CVE-2017-3184)
- The web application uses the GET method to process requests that contain sensitive information such as user
account name and password, which can expose that information through the browser's history, referrers, web logs,
and other sources. (CVE-2017-3185)
- Device uses non-random default credentials across all devices. A remote attacker can take complete control of a
device using default admin credentials. (CVE-2017-3186)");
script_tag(name:"affected", value:"ACTi devices including D, B, I, and E series models using firmware version
A1D-500-V6.11.31-AC");
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.");
script_xref(name:"URL", value:"https://www.kb.cert.org/vuls/id/355151");
exit(0);
}
include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!dir = get_app_location(cpe: CPE, port: port))
exit(0);
if (dir == "/")
dir = "";
url = dir + "/setup/setup_maintain_firmware-default.html";
if (http_vuln_check(port: port, url: url, pattern: "Factory Default", check_header: TRUE,
extra_check: "SETTING_FACTORY_DEFAULT_CONFIG")) {
report = http_report_vuln_url(port: port, url: url);
security_message(port: port, data: report);
exit(0);
}
exit(0);
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.8%