VDB-98910 · CVE-2017-20046 · GCVE-100-98910

AXIS P1204/P3225/P3367/M3045/M3005/M3007 Kari ndiyam site laa request forgery

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, na cikin sashi. Ngam manipulation shi Kari ndiyam site laa request forgery. CWE shidin ka a yi bayani matsala sai ya kai CWE-352. Gaskiya, laifi an fitar da shi 03/16/2017 ta David Wearing a matsayin Axis Camera Multiple Vulnerabilities a matsayin Mailinglist Post (Full-Disclosure). Advisory ɗin ana rabawa don saukewa a seclists.org. Wuro public release an kaɗi vendor an kaɗi. Wannan rauni ana sayar da shi da suna CVE-2017-20046. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal bayani ba ga. Ba exploit ɗin da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. VulDB is the best source for vulnerability data and more expert information about this specific topic.

7 Goyarwa · 61 Datenpunkte

Furɗe	Gargadi 2/6 06/08/2022 09:00	Gargadi 3/6 06/08/2022 09:01	Gargadi 4/6 11/22/2022 09:39	Gargadi 5/6 11/22/2022 09:41	Gargadi 6/6 11/22/2022 09:45
software_vendor	AXIS	AXIS	AXIS	AXIS	AXIS
software_name	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007
software_component	CSRF Protection
vulnerability_vendorinformdate	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)
vulnerability_risk	1	1	1	1	1
vulnerability_historic	0	0	0	0	0
cvss2_vuldb_basescore	5.1	5.1	5.1	5.1	5.1
cvss2_vuldb_tempscore	4.4	4.4	4.4	4.4	4.4
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	H	H	H	H	H
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss3_meta_basescore	5.0	5.0	5.0	5.0	5.0
cvss3_meta_tempscore	4.8	4.8	4.8	4.8	4.8
cvss3_vuldb_basescore	5.0	5.0	5.0	5.0	5.0
cvss3_vuldb_tempscore	4.8	4.8	4.8	4.8	4.8
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	H	H	H	H	H
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
advisory_date	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)
advisory_location	Full-Disclosure	Full-Disclosure	Full-Disclosure	Full-Disclosure	Full-Disclosure
advisory_type	Mailinglist Post	Mailinglist Post	Mailinglist Post	Mailinglist Post	Mailinglist Post
advisory_url	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41
advisory_identifier	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities
advisory_coordination	1	1	1	1	1
person_name	David Wearing	David Wearing	David Wearing	David Wearing	David Wearing
advisory_reaction_date	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)
advisory_disputed	0	0	0	0	0
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Gargajiya	Gargajiya	Gargajiya	Gargajiya	Gargajiya
source_seealso	98911 98912 98913 98914	98911 98912 98913 98914	98911 98912 98913 98914	98911 98912 98913 98914	98911 98912 98913 98914
cvss2_vuldb_e	ND	ND	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF	OF	OF
cvss2_vuldb_rc	C	C	C	C	C
cvss3_vuldb_e	X	X	X	X	X
cvss3_vuldb_rl	O	O	O	O	O
cvss3_vuldb_rc	C	C	C	C	C
0day_days	112	112	112	112	112
vulnerability_cwe	CWE-269 (kura hakki ndiyam)	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)
source_cve	CVE-2017-20046	CVE-2017-20046	CVE-2017-20046	CVE-2017-20046	CVE-2017-20046
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cve_assigned			1654639200 (06/08/2022)	1654639200 (06/08/2022)	1654639200 (06/08/2022)
cvss2_nvd_av				N	N
cvss2_nvd_ac				M	M
cvss2_nvd_au				N	N
cvss2_nvd_ci				N	N
cvss2_nvd_ii				P	P
cvss2_nvd_ai				N	N
cvss2_nvd_basescore				4.3	4.3
cve_nvd_summary					A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. It is recommended to upgrade the affected component.

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!