CVE-2017-20049

EPSS 0.35%
Published 15.06.2022 18:15:08
Last modified 21.11.2024 03:22:31
Source product-security@axis.com
Teams watchlist Login
Open Login

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Axis ≫ P1204 Firmware Version <= 5.50.4

Axis ≫ P1204 Version-

Axis ≫ P3225 Firmware Version <= 6.30.1

Axis ≫ P3225 Version-

Axis ≫ P3367 Firmware Version <= 6.10.1.2

Axis ≫ P3367 Version-

Axis ≫ M3045 Firmware Version <= 6.15.4.1

Axis ≫ M3045 Version-

Axis ≫ M3005 Firmware Version <= 5.50.5.7

Axis ≫ M3005 Version-

Axis ≫ M3007 Firmware Version <= 6.30.1.1

Axis ≫ M3007 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.569

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf

https://nvd.nist.gov/vuln/detail/CVE-2017-20049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-20049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-20049

EUVD