CVE-2017-20049 — Improper Privilege Management in M3005 Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 41.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis M3005 Firmware Axis M3007 Firmware Axis M3045 Firmware +4 more

Timeline

PublishedJun 15

Latest updateJun 16

Description

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDaxis/m3005_firmware5.50.5.7

▶NVDaxis/p3225_firmware6.30.1

▶NVDaxis/m3007_firmware6.30.1.1

▶NVDaxis/m3045_firmware6.15.4.1

▶NVDaxis/p1204_firmware5.50.4

🔴Vulnerability Details

GHSA

GHSA-mh3r-vrg4-68p4: A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007↗2022-06-16

▶

CVEList

CVE-2017-20049: A vulnerability, was found in legacy Axis devices such as P3225 and M3005↗2022-06-15

▶