AXIS HTTP GET Heap Overflow

critical Nessus Plugin ID 105159

Synopsis

The remote device is affected by a heap overflow vulnerability that may lead to remote code execution.

Description

The remote AXIS device is affected by a heap overflow vulnerability in its web administration interface due to a flaw in the handling of special characters. An unauthenticated remote attacker can exploit this vulnerability to cause a denial of service and possibly achieve remote code execution.

Solution

Follow the vendor recommendation for upgrade or mitigation.

See Also

https://www.axis.com/files/faq/Advisory_ACV-120444.pdf

Plugin Details

Severity: Critical

ID: 105159

File Name: axis_www_heap_overflow.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 12/12/2017

Updated: 12/22/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Heap overflow vulnerability

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.3

Temporal Score: 8.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: x-cpe:/h:axis:network_camera

Required KB Items: installed_sw/AXIS device

Patch Publication Date: 9/17/2017

Vulnerability Publication Date: 11/27/2017