nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_AXISCOMMUNICATION_CVE-2023-5677.NASL
HistoryFeb 12, 2024 - 12:00 a.m.

Axis Communication Multiple Products Remote Code Execution (CVE-2023-5677)

2024-02-12 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
axis communication
remote code execution
cve-2023-5677
vapix api
input validation
authentication
service account
operator privileges
administrator privileges
axis os
security advisory
tenable.ot
scanner

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

21.8%

Brandon Rothel from QED Secure Solutions found that the VAPIX API tcptest.cgi did not sufficiently validate its input, which could allow remote code execution. The flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact is lower when an operator-privileged service account is used than when an administrator-privileged one is used. Axis has released patched AXIS OS versions that fix the flaw. Refer to the Axis security advisory for more information and the solution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration branch: when the engine loads the plugin with `description`
# set, this block only declares metadata (IDs, text, scoring, CPEs,
# dependencies) and then exits. No asset data is read in this branch.
if (description)
{
  script_id(501964);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");

  script_cve_id("CVE-2023-5677");

  script_name(english:"Axis Communication Multiple Products Remote Code Execution (CVE-2023-5677)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description states the precondition that matters for triage: the flaw
  # is reachable only after authenticating with an operator- or
  # administrator-privileged service account.
  script_set_attribute(attribute:"description", value:
"Brandon Rothel from QED Secure Solutions has found that the VAPIX API
tcptest.cgi did not have a sufficient input validation allowing for a
possible remote code execution. This flaw can only be exploited after
authenticating with an operator- or administrator-privileged service
account. The impact of exploiting this vulnerability is lower with
operator-privileges compared to administrator-privileges service
accounts. Axis has released patched AXIS OS versions for the
highlighted flaw. Please refer to the Axis security advisory for more
information and solution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf
  # NOTE(review): the see_also value is a plain-http short link; presumably it
  # redirects to the Axis advisory PDF named in the comment above - verify.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c2ca664d");
  # The solution text names no version; the fixed-version bound this plugin
  # compares against is the versionEndExcluding value in the check below.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Scoring. Au:S (CVSS2) and PR:L (CVSS3) encode the authenticated-account
  # precondition from the description. The temporal vectors record an unproven
  # exploit (E:U) and an official fix (RL:OF / RL:O).
  # NOTE(review): the CVSS3 vectors are labelled CVSS:3.0; the CVE record may
  # publish the same metric values as CVSS:3.1 - confirm.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5677");

  # Exploit status is a point-in-time value as of the plugin modification
  # date above; re-check it before using it to deprioritise remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-94: Improper Control of Generation of Code ('Code Injection').
  script_cwe_id(94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Twelve Axis firmware CPEs are declared as affected. This list should stay
  # in step with the keys of the vuln_cpes table used by the check below.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-l_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3024-lve_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m3025-ve_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7014_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:m7016_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p1214-e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7214_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:p7216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7401_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7404_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7414_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:axis:q7424-r_mk_ii_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered in the information-gathering category and the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The plugin is scheduled after the Tenable.ot API integration script and
  # requires the AxisCommunication KB key (presumably set by that dependency
  # when an Axis asset is in the inventory - confirm).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/AxisCommunication");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Detection logic. Everything visible here is an inventory comparison: the
# script reads a KB key, fetches the asset record and hands a CPE/version
# table to the Tenable.ot helper. No request to tcptest.cgi is made here.
# A finding therefore reflects the firmware version recorded for the asset,
# not a confirmed reachable service account; presumably an asset with a
# missing or wrong version in the inventory will not be flagged - verify.

# Stop early unless the Axis Communication KB key is present.
get_kb_item_or_exit('Tenable.ot/AxisCommunication');

var asset = tenable_ot::assets::get(vendor:'AxisCommunication');

# Firmware CPEs covered by this plugin (the same twelve declared in the
# description block).
var affected_firmware = [
    "cpe:/o:axis:m3024-l_firmware",
    "cpe:/o:axis:m3024-lve_firmware",
    "cpe:/o:axis:m3025-ve_firmware",
    "cpe:/o:axis:m7014_firmware",
    "cpe:/o:axis:m7016_firmware",
    "cpe:/o:axis:p1214-e_firmware",
    "cpe:/o:axis:p7214_firmware",
    "cpe:/o:axis:p7216_firmware",
    "cpe:/o:axis:q7401_firmware",
    "cpe:/o:axis:q7404_firmware",
    "cpe:/o:axis:q7414_firmware",
    "cpe:/o:axis:q7424-r_mk_ii_firmware"
];

# Every listed product shares one constraint: versions below 5.51.7.7
# (exclusive upper bound) in the AxisCommunication family.
var vuln_cpes = {};
foreach var firmware_cpe (affected_firmware)
{
    vuln_cpes[firmware_cpe] =
        {"versionEndExcluding" : "5.51.7.7", "family" : "AxisCommunication"};
}

# Compare the asset against the table; matches are reported with
# SECURITY_HOLE severity.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

21.8%
