CVE-2017-20049
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
Se ha encontrado una vulnerabilidad en los dispositivos Axis heredados, como el P3225 y el M3005. Esto afecta a una parte desconocida del componente CGI Script. La manipulaciĆ³n conduce a una gestiĆ³n inadecuada de los privilegios. Es posible iniciar el ataque de forma remota
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-08 CVE Reserved
- 2022-06-15 CVE Published
- 2024-01-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Axis Search vendor "Axis" | P1204 Firmware Search vendor "Axis" for product "P1204 Firmware" | <= 5.50.4 Search vendor "Axis" for product "P1204 Firmware" and version " <= 5.50.4" | - |
Affected
| in | Axis Search vendor "Axis" | P1204 Search vendor "Axis" for product "P1204" | - | - |
Safe
|
| Axis Search vendor "Axis" | P3225 Firmware Search vendor "Axis" for product "P3225 Firmware" | <= 6.30.1 Search vendor "Axis" for product "P3225 Firmware" and version " <= 6.30.1" | - |
Affected
| in | Axis Search vendor "Axis" | P3225 Search vendor "Axis" for product "P3225" | - | - |
Safe
|
| Axis Search vendor "Axis" | P3367 Firmware Search vendor "Axis" for product "P3367 Firmware" | <= 6.10.1.2 Search vendor "Axis" for product "P3367 Firmware" and version " <= 6.10.1.2" | - |
Affected
| in | Axis Search vendor "Axis" | P3367 Search vendor "Axis" for product "P3367" | - | - |
Safe
|
| Axis Search vendor "Axis" | M3045 Firmware Search vendor "Axis" for product "M3045 Firmware" | <= 6.15.4.1 Search vendor "Axis" for product "M3045 Firmware" and version " <= 6.15.4.1" | - |
Affected
| in | Axis Search vendor "Axis" | M3045 Search vendor "Axis" for product "M3045" | - | - |
Safe
|
| Axis Search vendor "Axis" | M3005 Firmware Search vendor "Axis" for product "M3005 Firmware" | <= 5.50.5.7 Search vendor "Axis" for product "M3005 Firmware" and version " <= 5.50.5.7" | - |
Affected
| in | Axis Search vendor "Axis" | M3005 Search vendor "Axis" for product "M3005" | - | - |
Safe
|
| Axis Search vendor "Axis" | M3007 Firmware Search vendor "Axis" for product "M3007 Firmware" | <= 6.30.1.1 Search vendor "Axis" for product "M3007 Firmware" and version " <= 6.30.1.1" | - |
Affected
| in | Axis Search vendor "Axis" | M3007 Search vendor "Axis" for product "M3007" | - | - |
Safe
|