← Back

CVE-2017-20049

nvd nist
Published: Jun 15, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

Affected (6)

Axis
6 products
P1204 Firmware
P3225 Firmware
P3367 Firmware
M3045 Firmware
M3005 Firmware
M3007 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P1204 Firmware
Up to 5.50.4
Running on/withPlatform Versions
Axis
P1204
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P3225 Firmware
Up to 6.30.1
Running on/withPlatform Versions
Axis
P3225
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P3367 Firmware
Up to 6.10.1.2
Running on/withPlatform Versions
Axis
P3367
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
M3045 Firmware
Up to 6.15.4.1
Running on/withPlatform Versions
Axis
M3045
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
M3005 Firmware
Up to 5.50.5.7
Running on/withPlatform Versions
Axis
M3005
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
M3007 Firmware
Up to 6.30.1.1
Running on/withPlatform Versions
Axis
M3007
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: product-security@axis.com
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.