Lucene search
K

axis700.txt

🗓️ 10 Feb 2000 00:00:00Reported by Ian VitekType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 24 Views

Bypassing authentication on Axis 700 Network Scanner allows unauthorized access to admin page.

Code
`Infosec Security Vulnerability Report  
No: Infosec.20000207.axis700.a  
=====================================  
  
Vulnerability Summary  
---------------------  
  
Problem: Bypassing authentication on Axis 700 Network Scanner;  
By modifying an URL, outsiders can access  
administrator URLs without entering username  
and password.  
  
Threat: Unauthorized access.  
  
Platform: Axis 700 Network Scanner Server  
(Software Version 1.12)  
  
Solution: Non? Se below.  
  
  
Vulnerability Description  
-------------------------  
User pages are located under http://server/user/.  
The URL to the configuration page is:  
http://server/admin/this_axis700/this_axis700.shtml  
This page is password protected. The actual configuration takes place on the  
pages linked from this page. By changing the URL to:  
http://server/user/../admin/this_axis700/this_axis700.shtml  
gives an outsider access to the configuration page without entering username and  
password. The server seems to check access permissions before URL conversion.  
The server also decodes %1u to %2e (not a vulnerability).  
  
Solution  
--------  
<<Quote_from_Axis_Support  
Hi,,  
  
You will find the latest version on http://www.axis.se/techsup  
  
  
Best Regards  
  
XXXXXX XXXXXXX  
Quote_from_Axis_Support  
  
Nothing says that version 1.14 will fix this vulnerability.  
  
  
Other information  
-----------------  
Infosec recommends everyone to try to access their authorized pages with URLs  
as:  
http://server/NonPrivPage/../PrivPage/  
  
Infosec thanks weld at l0pht for the inspiration  
(http://www.l0pht.com/advisories/showcode.txt)  
  
//Ian Vitek  
[email protected]  
  
-------------------------------  
Infosec is a Swedish based tigerteam that have worked with computer-related  
security since 1982 and done penetration tests and technical revisions since  
1996. Infosec is now searching for co-workers. Call Blume on +46-8-6621070 for  
more information.  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation