Axis Storpoint CD Admin Authentication Bypass

critical Nessus Plugin ID 10023

Synopsis

The remote host is affected by an authentication bypass vulnerability.

Description

The remote host is running Axis StorPoint. It is possible to access the administration interface with a specially crafted URL that contains directory traversal characters.

Solution

Upgrade to Axis StorPoint 4.28 or newer.

See Also

https://seclists.org/bugtraq/2000/Feb/476

Plugin Details

Severity: Critical

ID: 10023

File Name: axis.nasl

Version: 1.35

Type: remote

Family: CGI abuses

Published: 3/3/2000

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/29/2000

Reference Information

CVE: CVE-2000-0191

BID: 1025