AXIS Multiple Vulnerabilities (ACV-128401)

Critical Nessus Plugin ID 117882

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the host firmware to the version provided in the affected product list.

See Also

http://www.nessus.org/u?471d8c96

https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Plugin Details

Severity: Critical

ID: 117882

File Name: axis_acv-128401.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 2018/10/02

Modified: 2018/10/03

Dependencies: 117883, 105160

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2018-10660

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:axis:network_camera_firmware

Required KB Items: installed_sw/AXIS device

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/06/18

Vulnerability Publication Date: 2018/06/18

Exploitable With

Metasploit (Axis Network Camera .srv to parhand RCE)

Reference Information

CVE: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664