ID

VAR-200306-0102


CVE

CVE-2003-0240


TITLE

Various Axis products allow unauthorized remote privileged access

Trust: 0.8

sources: CERT/CC: VU#799060

DESCRIPTION

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to admin/admin.shtml containing a leading // (double slash).

A vulnerability in various Axis Communications products may allow unauthorized remote privileged access. By requesting a specially formatted URL, remote users may be able to access the administrative configuration interface without being prompted for authentication.

Axis network video products capture on-site images and transmit them directly over an IP network, allowing users to view and manage the camera system with a web browser. The management tool of the Axis network video system does not properly handle user access restrictions. Once the system is set up, it provides a web-based management tool for configuring and managing the camera system, which users reach by requesting the following URL: http://camera-ip/admin/admin.shtml

This URL requires a user name and password, but because the access restrictions are incorrectly designed, an attacker can reach the management interface without a password by submitting the following URL: http://camera-ip//admin/admin.shtml

An attacker with this access can reset the root password, then modify the configuration file through the telnet service, and execute arbitrary commands on the system with root user privileges through non-interactive access.

Trust: 1.98

sources: NVD: CVE-2003-0240 // CERT/CC: VU#799060 // BID: 7652 // VULHUB: VHN-7069

AFFECTED PRODUCTS

vendor: axis // model: 2120 network camera // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 2401 video server // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 2110 network camera // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 2100 network camera // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 2460 network dvr // scope: lte // version: 3.00

Trust: 1.0

vendor: axis // model: 2130 ptz network camera // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 250s video server // scope: lte // version: 3.02

Trust: 1.0

vendor: axis // model: 2400 video server // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: 2420 network camera // scope: lte // version: 2.32

Trust: 1.0

vendor: axis // model: - // scope: - // version: -

Trust: 0.8

vendor: axis // model: 2400 video server // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 2460 network dvr // scope: eq // version: 3.00

Trust: 0.6

vendor: axis // model: 2110 network camera // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 2420 network camera // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 2130 ptz network camera // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 250s video server // scope: eq // version: 3.02

Trust: 0.6

vendor: axis // model: 2401 video server // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 2120 network camera // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: 2100 network camera // scope: eq // version: 2.32

Trust: 0.6

vendor: axis // model: communications video server // scope: eq // version: 24002.31

Trust: 0.3

vendor: axis // model: communications ptz network camera // scope: ne // version: 21302.34

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 24202.32

Trust: 0.3

vendor: axis // model: communications network dvr // scope: ne // version: 24603.10

Trust: 0.3

vendor: axis // model: communications ptz network camera // scope: eq // version: 21302.30

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21002.31

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24002.30

Trust: 0.3

vendor: axis // model: communications network camera // scope: ne // version: 21002.34

Trust: 0.3

vendor: axis // model: communications network camera // scope: ne // version: 21202.34

Trust: 0.3

vendor: axis // model: communications ptz network camera // scope: eq // version: 21302.31

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24012.31

Trust: 0.3

vendor: axis // model: communications video server // scope: ne // version: 24012.34

Trust: 0.3

vendor: axis // model: communications video server // scope: ne // version: 24002.34

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24002.32

Trust: 0.3

vendor: axis // model: communications network camera // scope: ne // version: 24202.34

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21002.32

Trust: 0.3

vendor: axis // model: communications ptz network camera // scope: eq // version: 21302.32

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21002.30

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24012.32

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24202.32

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21202.30

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21102.30

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21202.32

Trust: 0.3

vendor: axis // model: communications network camera // scope: ne // version: 21102.34

Trust: 0.3

vendor: axis // model: communications video server // scope: eq // version: 24012.30

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21202.31

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 24202.31

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21102.31

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 24202.30

Trust: 0.3

vendor: axis // model: communications 250s video server // scope: ne // version: 3.03

Trust: 0.3

vendor: axis // model: communications network camera // scope: eq // version: 21102.32

Trust: 0.3

sources: CERT/CC: VU#799060 // BID: 7652 // CNNVD: CNNVD-200306-010 // NVD: CVE-2003-0240

CVSS

SEVERITY

nvd@nist.gov: CVE-2003-0240
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#799060
value: 15.00

Trust: 0.8

CNNVD: CNNVD-200306-010
value: CRITICAL

Trust: 0.6

VULHUB: VHN-7069
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2003-0240
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7069
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#799060 // VULHUB: VHN-7069 // CNNVD: CNNVD-200306-010 // NVD: CVE-2003-0240

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-010

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200306-010

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7069

EXTERNAL IDS

db: BID // id: 7652

Trust: 2.8

db: SECTRACK // id: 1006854

Trust: 2.5

db: SECUNIA // id: 8876

Trust: 2.5

db: CERT/CC // id: VU#799060

Trust: 2.5

db: NVD // id: CVE-2003-0240

Trust: 2.0

db: OSVDB // id: 4804

Trust: 1.7

db: CNNVD // id: CNNVD-200306-010

Trust: 0.7

db: BUGTRAQ // id: 20030527 CORE-2003-0403: AXIS NETWORK CAMERA HTTP AUTHENTICATION BYPASS

Trust: 0.6

db: XF // id: 12104

Trust: 0.6

db: EXPLOIT-DB // id: 22626

Trust: 0.1

db: SEEBUG // id: SSVID-76425

Trust: 0.1

db: VULHUB // id: VHN-7069

Trust: 0.1

sources: CERT/CC: VU#799060 // VULHUB: VHN-7069 // BID: 7652 // CNNVD: CNNVD-200306-010 // NVD: CVE-2003-0240

REFERENCES

url:http://www.securityfocus.com/bid/7652

Trust: 2.5

url:http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10

Trust: 2.4

url:http://www.kb.cert.org/vuls/id/799060

Trust: 1.7

url:http://www.osvdb.org/4804

Trust: 1.7

url:http://securitytracker.com/id?1006854

Trust: 1.7

url:http://secunia.com/advisories/8876

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/12104

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=105406374731579&w=2

Trust: 1.0

url:http://securitytracker.com/alerts/2003/may/1006854.html

Trust: 0.8

url:http://www.iss.net/security_center/static/12104.php

Trust: 0.8

url:http://www.secunia.com/advisories/8876/

Trust: 0.8

url:http://www.axis.com/us/aboutus.asp

Trust: 0.8

url:http://www.axis.com/

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/12104

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=105406374731579&w=2

Trust: 0.6

url:http://www.axis.com/products/camera_servers/index.htm

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=105406374731579&w=2

Trust: 0.1

url:http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10

Trust: 0.1

sources: CERT/CC: VU#799060 // VULHUB: VHN-7069 // BID: 7652 // CNNVD: CNNVD-200306-010 // NVD: CVE-2003-0240

CREDITS

Core Security Technologies Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200306-010

SOURCES

db: CERT/CC // id: VU#799060
db: VULHUB // id: VHN-7069
db: BID // id: 7652
db: CNNVD // id: CNNVD-200306-010
db: NVD // id: CVE-2003-0240

LAST UPDATE DATE

2024-08-14T13:51:23.283000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#799060 // date: 2003-06-05T00:00:00
db: VULHUB // id: VHN-7069 // date: 2017-07-11T00:00:00
db: BID // id: 7652 // date: 2009-07-11T22:06:00
db: CNNVD // id: CNNVD-200306-010 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2003-0240 // date: 2017-07-11T01:29:29.463

SOURCES RELEASE DATE

db: CERT/CC // id: VU#799060 // date: 2003-06-05T00:00:00
db: VULHUB // id: VHN-7069 // date: 2003-06-09T00:00:00
db: BID // id: 7652 // date: 2003-05-27T00:00:00
db: CNNVD // id: CNNVD-200306-010 // date: 2003-05-23T00:00:00
db: NVD // id: CVE-2003-0240 // date: 2003-06-09T04:00:00