 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.813446 |
| Categoría: | Web application abuses |
| Título: | Axis Network Camera Multiple Vulnerabilities-June18 |
| Resumen: | Axis Network Cameras is prone to multiple vulnerabilities. |
| Descripción: | Summary: Axis Network Cameras is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Requests to a world-readable file that are followed by a backslash and end with the '.srv' extension (e.g. http://example.com/index.html/a.srv) are treated by the authorization code as standard requests to the index.html and thus granted access, while the requests are also treated as legitimate requests to an .srv path, and are thus handled by the .srv handler, simultaneously. - Legitimate requests that reach /bin/ssid's .srv functionality can choose one of several actions by setting the action parameter in the query-string of the request. One possible action is dbus, which allows the user to invoke any dbus request as root, without any restriction on the destination or content. Authorization mechanism that is intended to limit dbus request, PolicyKit, is configured to automatically grant access to requests originating from the root user. - The 'parhand ShellParser' does not sanitize special shell characters and also does not quote the parameter's values. Some of these parameters end up in configuration files in shell variable assignment format. These parameters are later used by shell init-scripts which run as a result of the setter command, that is executed when applying a new value for a parameter by running the sync command. - Insufficient sanitation of input passed via 'PATH_INFO' that ends with the '.srv' extension to a '.cgi' script. - Insufficient sanitation of 'return_page' and 'servermanager_return_page query-string parameters in /bin/ssid's .srv functionality. - An error in the 'libdbus-send.so' shared object triggered due to insufficient sanitation for crafted dbus-requests. - Insufficient sanitation of crafted command that can result in a code path that calls the UND undefined ARM instruction. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass the web-server's authorization mechanism, conduct shell command injections, crash the httpd process, gain access to sensitive information, crash '/bin/ssid' process and get unrestricted dbus access for users of the '.srv' functionality. Affected Software/OS: Axis IP Cameras with more than 390 models are affected. Please see the references for a complete list. Solution: Upgrade to latest firmware available from vendor. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-10658 Common Vulnerability Exposure (CVE) ID: CVE-2018-10659 Common Vulnerability Exposure (CVE) ID: CVE-2018-10660 Common Vulnerability Exposure (CVE) ID: CVE-2018-10661 Common Vulnerability Exposure (CVE) ID: CVE-2018-10662 Common Vulnerability Exposure (CVE) ID: CVE-2018-10663 Common Vulnerability Exposure (CVE) ID: CVE-2018-10664 |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |