AXIS Multiple Vulnerabilities (ACV-128401)

Critical Nessus Plugin ID 117882

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the host firmware to the version provided in the affected product list.

See Also

http://www.nessus.org/u?471d8c96

https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Plugin Details

Severity: Critical

ID: 117882

File Name: axis_acv-128401.nasl

Version: 1.3

Type: remote

Family: Misc.

Published: 2018/10/02

Updated: 2019/04/05

Dependencies: 105160, 117883

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2018-10660

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:axis:network_camera_firmware

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/06/18

Vulnerability Publication Date: 2018/06/18

Exploitable With

Metasploit (Axis Network Camera .srv to parhand RCE)

Reference Information

CVE: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664