CVE-2003-0240

Current Description

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Basic Data

Published: June 09, 2003
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
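    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Hardware | Axis | 2100 Network Camera | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2110 Network Camera | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2120 Network Camera | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2130 Ptz Network Camera | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2400 Video Server | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2401 Video Server | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2420 Network Camera | * | * | * | * | * | * | * | * | | 2.32 | |
    2.3 | Hardware | Axis | 2460 Network Dvr | * | * | * | * | * | * | * | * | | 3.00 | |
    2.3 | Hardware | Axis | 250s Video Server | * | * | * | * | * | * | * | * | | 3.02 | |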

Vulnerable Software List

Vendor | Product | Versions
Axis | 2130 Ptz Network Camera | *
Axis | 2400 Video Server | *
Axis | 2401 Video Server | *
Axis | 2420 Network Camera | *
Axis | 2460 Network Dvr | *
Axis | 250s Video Server | *
Axis | 2100 Network Camera | *
Axis | 2110 Network Camera | *
Axis | 2120 Network Camera | *

References

Name | Source | URL | Tags
20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass | BUGTRAQ | http://marc.info/?l=bugtraq&m=105406374731579&w=2 |
8876 | SECUNIA | http://secunia.com/advisories/8876 |
1006854 | SECTRACK | http://securitytracker.com/id?1006854 |
http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10 | MISC | http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10 |
VU#799060 | CERT-VN | http://www.kb.cert.org/vuls/id/799060 | US Government Resource
4804 | OSVDB | http://www.osvdb.org/4804 |
7652 | BID | http://www.securityfocus.com/bid/7652 |
axis-admin-authentication-bypass(12104) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/12104 |