10
CVE-2017-20049
- EPSS 0.35%
- Veröffentlicht 15.06.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 03:22:31
- Quelle product-security@axis.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Axis ≫ P1204 Firmware Version <= 5.50.4
Axis ≫ P3225 Firmware Version <= 6.30.1
Axis ≫ P3367 Firmware Version <= 6.10.1.2
Axis ≫ M3045 Firmware Version <= 6.15.4.1
Axis ≫ M3005 Firmware Version <= 5.50.5.7
Axis ≫ M3007 Firmware Version <= 6.30.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.