10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.9%
A vulnerability in various Axis Communications products may allow unauthorized remote privileged access.
Axis Communications Inc. produces network-enabled cameras and video servers. The company describes itself as “an innovative market leader in network video and print servers. Axis’ products and solutions are focused on applications such as security surveillance, remote monitoring and document management.”
A crafted URL sent to an affected device may allow a remote attacker to take a number of privileged actions, essentially gaining superuser access. For further details, please see the Core Security Technologies Advisory.
Quoting from the Core Security Technologies Advisory:
Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix like command line, allowing her to execute arbitrary commands as root.
Apply a vendor-supplied firmware upgrade.
799060
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: June 05, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
While we have been unable to find a statement from the vendor, it appears that each of the firmware upgrades includes the following statement:
Some security issues in the web server have been solved.
For example, please see .
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23799060 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was discovered by Juliano Rizzo of Core Security Technologies.
This document was written by Ian A Finlay.
CVE IDs: | CVE-2003-0240 |
---|---|
Severity Metric: | 15.00 Date Public: |