CVE-2017-20049

Published Jun 15, 2022

Last updated a year ago

CVSS critical 9.8

Overview

Description: A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
Source: product-security@axis.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p1204_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D80172CB-9700-4FCA-A51C-8E7C09612ECE",
            "versionEndIncluding": "5.50.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p1204:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "339417CD-0D80-4A41-8594-380BBFFC38FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p3225_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B92C5ECB-3494-4E52-BC13-DA76892AF752",
            "versionEndIncluding": "6.30.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p3225:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4C2A7B73-4702-41F9-9B14-284E8DE3ECDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p3367_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C001DC0F-EA8D-4E3C-9166-6CB01137B8B9",
            "versionEndIncluding": "6.10.1.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p3367:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CF90F760-DEFC-4127-BA83-A60BB13F8721"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m3045_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8B93415-A82C-405A-8DE4-A69C6876C1DB",
            "versionEndIncluding": "6.15.4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m3045:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E3060B6-71ED-4A15-A2FD-F9BC004930F6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m3005_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8E31A7F-CC9E-4284-8D4E-6C07923FBDF8",
            "versionEndIncluding": "5.50.5.7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m3005:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "725FBF6F-3736-4897-8AFE-1DE6B6D5EB5F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m3007_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA6C9CF-EE9C-4E19-AEFB-13D8FC581A85",
            "versionEndIncluding": "6.30.1.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m3007:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E4906C0-26D8-45B6-A5FC-4FADE7973781"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References