Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2425

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2425
Last Modified 05 Sep 2008 04:44:05
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2425

Summary

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Vulnerable Systems


References

BID - 11011

SECTRACK - 1011056

SECUNIA - 12353

FULLDISC - 20040831 Axis Network Camera and Video Server Security Advisory

XF - asix-command-execution(17076)

OSVDB - 9121

FULLDISC - 20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers


Last Updated: 27 May 2016 10:39:28