AXIS Camera gSOAP Message Handling RCE (ACV-116267) (Devil's Ivy)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a remote code execution
vulnerability.

Description :

The remote AXIS camera is running a firmware version that is missing a
security patch. It is, therefore, affected by a remote code execution
vulnerability, known as Devil's Ivy, due to an overflow condition that
exists in a third-party SOAP library (gSOAP). An unauthenticated,
remote attacker can exploit this, via a POST message exceeding 2GB of
data, to trigger a stack-based buffer overflow, resulting in a denial
of service condition or the execution of arbitrary code.

An attacker who successfully exploits this vulnerability can reset the
camera to its factory defaults, change network settings, take complete
control of the camera, or reboot it to prevent an operator from
viewing the feed.

See also :

https://www.axis.com/files/faq/ACV116267_(CVE-2017-9765).pdf
https://www.axis.com/ftp/pub_soft/MPQT/SR/acv_116267_patched_fw.txt
http://blog.senr.io/devilsivy.html

Solution :

Upgrade to the latest available firmware version for your device per
the vendor advisory (ACV-116267).

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 101810

Bugtraq ID: 99868

CVE ID: CVE-2017-9765
