CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.8%
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501964);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");
script_cve_id("CVE-2023-5677");
script_name(english:"Axis Communication Multiple Products Remote Code Execution (CVE-2023-5677)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Brandon Rothel from QED Secure Solutions has found that the VAPIX API
tcptest.cgi did not have a sufficient input validation allowing for a
possible remote code execution. This flaw can only be exploited after
authenticating with an operator- or administrator-privileged service
account. The impact of exploiting this vulnerability is lower with
operator-privileges compared to administrator-privileges service
accounts. Axis has released patched AXIS OS versions for the
highlighted flaw. Please refer to the Axis security advisory for more
information and solution.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c2ca664d");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5677");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(94);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-l_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-lve_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3025-ve_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7014_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7016_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p1214-e_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7214_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7401_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7404_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7414_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7424-r_mk_ii_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/AxisCommunication");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/AxisCommunication');
var asset = tenable_ot::assets::get(vendor:'AxisCommunication');
var vuln_cpes = {
"cpe:/o:axis:m3024-l_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:m3024-lve_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:m3025-ve_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:m7014_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:m7016_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:p1214-e_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:p7214_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:p7216_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:q7401_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:q7404_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:q7414_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"},
"cpe:/o:axis:q7424-r_mk_ii_firmware" :
{"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.8%