ID
VAR-200302-0055
TITLE
Axis Communications Video Server Command.CGI File Creation Vulnerability
Trust: 0.3
sources:
BID: 6987
DESCRIPTION
It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.
Trust: 0.3
sources:
BID: 6987
AFFECTED PRODUCTS
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.33 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.31 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.33 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.32 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.31 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.20 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.33 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.32 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.31 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.20 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.32 | Trust: 0.3 |
sources:
BID: 6987
THREAT TYPE
network
Trust: 0.3
sources:
BID: 6987
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 6987
EXTERNAL IDS
| db: | BID | id: | 6987 | Trust: 0.3 |
sources:
BID: 6987
REFERENCES
| url: | http://www.axis.com/products/camera_servers/index.htm | Trust: 0.3 |
| url: | /archive/1/316184 | Trust: 0.3 |
| url: | /archive/1/313485 | Trust: 0.3 |
sources:
BID: 6987
CREDITS
Discovery credited to Martin Eiszner <martin@websec.org>.
Trust: 0.3
sources:
BID: 6987
SOURCES
| db: | BID | id: | 6987 |
LAST UPDATE DATE
2022-05-17T01:46:09.985000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 6987 | date: | 2003-02-28T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 6987 | date: | 2003-02-28T00:00:00 |