AXIS Multiple Vulnerabilities (ACV-128401)

Critical Nessus Plugin ID 117882

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the host firmware to the version provided in the affected product list.

See Also

http://www.nessus.org/u?471d8c96

https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Plugin Details

Severity: Critical

ID: 117882

File Name: axis_acv-128401.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 2018/10/02

Modified: 2018/10/03

Dependencies: 105160, 117883

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2018-10660

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:axis:network_camera_firmware

Required KB Items: installed_sw/AXIS device

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/06/18

Vulnerability Publication Date: 2018/06/18

Exploitable With

Metasploit (Axis Network Camera .srv to parhand RCE)

Reference Information

CVE: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664