Axis Camera Multiple Products RCE (Devil's Ivy)

High Nessus Network Monitor Plugin ID 7279

Synopsis

The Remote host is vulnerable to a remote code execution vulnerability.

Description

The remote host is vulnerable to a flaw which allows a remote attacker to control the system. The flaw, nicknamed Devil's Ivy stems from a buffer overflow in the gSoap component.

Solution

The vendor has released a patch to address this issue.

Plugin Details

Severity: High

ID: 7279

Version: 1.0

Family: IoT

Published: 2017/07/19

Modified: 2018/08/16

Risk Information

Risk Factor: High

CVSSv2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:C

Reference Information

CVE: CVE-2017-9765