| Vulnerability Name: | CCN-11442 |
| Published: | 2003-02-28 |
| Updated: | 2003-02-28 |
| Summary: | Multiple Axis Communications network video camera and video server devices are vulnerable to a buffer overflow in the embedded Web server. A vulnerability in the built-in Web server could allow a remote attacker to create arbitrary files and directories on the system. A remote attacker could send a specially crafted URL request to the command.cgi script containing relative path sequences in the "buffername" and "format" parameters, which could allow the attacker to create arbitrary directories and files on the system. |
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) |
| CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P) |
| Vulnerability Consequences: | File Manipulation |
| References: | Source: CCN Type: BugTraq Mailing List, Fri Feb 28 2003 - 03:46:12 CST axis2400 webcams; Source: CCN Type: BugTraq Mailing List, Tue Mar 25 2003 - 08:30:35 CST Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI; Source: CCN Type: Axis Communications Web site AXIS 2400 Video Server; Source: CCN Type: BID-6987 Axis Communications Video Server Command.CGI File Creation Vulnerability; Source: XF Type: UNKNOWN axis-command-file-create(11442) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |