Overview
A vulnerability in various Axis Communications products may allow unauthorized remote privileged access.
Description
Axis Communications Inc. produces network-enabled cameras and video servers. The company describes itself as "an innovative market leader in network video and print servers. Axis' products and solutions are focused on applications such as security surveillance, remote monitoring and document management." A crafted URL sent to an affected device may allow a remote attacker to take a number of privileged actions, essentially gaining superuser access. For further details, please see the Core Security Technologies Advisory. |
Impact
Quoting from the Core Security Technologies Advisory: |
Solution
Apply a vendor-supplied firmware upgrade. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://securitytracker.com/alerts/2003/May/1006854.html
- http://www.iss.net/security_center/static/12104.php
- http://www.secunia.com/advisories/8876/
- http://www.securityfocus.com/bid/7652
- http://www.axis.com/us/aboutus.asp
- http://www.axis.com/
Acknowledgements
This vulnerability was discovered by Juliano Rizzo of Core Security Technologies.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | CVE-2003-0240 |
| Severity Metric: | 15.00 |
| Date Public: | 2003-05-27 |
| Date First Published: | 2003-06-05 |
| Date Last Updated: | 2003-06-05 15:10 UTC |
| Document Revision: | 20 |