Описание
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 12.0.0 (включая) до 12.6.18 (исключая)
Одновременно
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Одно из
cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1214:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1710-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1810-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1110-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1210-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1211-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1310-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1410_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1510:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1511:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1610-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1710:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1720:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c6110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8210:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d1110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d201-s_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2110-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2210-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d3110_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4100-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4200-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d6310:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xf_q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-bt:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa54:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-safety:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7020:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8016-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8116-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8307-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1055-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1075-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2035-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2036-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3057-plr_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3085-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3088-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3125-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3126-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3128-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3905-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4225-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4227-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4228-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4308-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5526-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7104:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7116:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1245_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1265_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1275_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1475-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3735-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3737-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3738-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3747-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3748-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3818-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3905-r_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-lre:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3935-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4708-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5655-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5676-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7304:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7316:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p9117-pv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615-le_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1686-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1715:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1798-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1805-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1806-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1808-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1809-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-xte:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1971-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1972-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2112-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3546-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3548-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3556-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3558-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3819-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-spve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q4809-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6020-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-s:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-se:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6078-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6135-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6225-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6300-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6315-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6318-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6355-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6358-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8615-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q9307-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3016:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s4000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5925:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5938:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w100:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w101:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w102:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w120:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w401:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xc1311:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xf40-q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xpq1785:-:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
6.4 Medium
CVSS3
6.7 Medium
CVSS3
Дефекты
CWE-35
Связанные уязвимости
CVSS3: 6.4
github
3 месяца назад
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
EPSS
Процентиль: 7%
0.00028
Низкий
6.4 Medium
CVSS3
6.7 Medium
CVSS3
Дефекты
CWE-35