Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1386

CWE-2644 documents4 sources
Severity
6.4MEDIUM
EPSS
4.2%
top 11.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Axis 2400 Video ServerAxis 2401 Video Server
Timeline
PublishedDec 31
Latest updateApr 29

Description

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDaxis/2400_video_server5 versions+4
NVDaxis/2401_video_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-p6f6-mqx8-c8mp: AXIS 2400 Video Server 22022-04-29
CVEList
CVE-2003-1386: AXIS 2400 Video Server 22007-10-19

💥Exploits & PoCs

1
Exploit-DB
Axis Communications HTTP Server 2.x - Messages Information Disclosure2003-02-28
CVE-2003-1386 (MEDIUM CVSS 6.4) | AXIS 2400 Video Server 2.00 through | cvebase.io