Описание
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.18.0 (исключая)
cpe:2.3:a:axis:ip_utility:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.0072
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427
Связанные уязвимости
CVSS3: 7.8
github
почти 4 года назад
AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
EPSS
Процентиль: 72%
0.0072
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427