8.8
CVE-2021-31988
- EPSS 1.02%
- Published 05.10.2021 22:15:07
- Last modified 21.11.2024 06:06:40
- Source product-security@axis.com
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
Data provided by the National Vulnerability Database (NVD)
Axis ≫ Axis Os 2016 SwEdition lts Version < 6.50.5.5
Axis ≫ Axis Os 2018 SwEdition lts Version < 8.40.4.3
Axis ≫ Axis Os 2020 SwEdition lts Version < 9.80.3.5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.02% | 0.752 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.