8.1

CVE-2021-43442

EPSS 0.43%
Veröffentlicht 11.04.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:29:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

I3international ≫ Ax46 Firmware Version5.2.0

I3international ≫ Ax46 Version-

I3international ≫ Ax68 Firmware Version5.0.9

I3international ≫ Ax68 Version-

I3international ≫ Ax78 Firmware Version5.0.9

I3international ≫ Ax78 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5688.php

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43442

EUVD