NVD脆弱性詳細

CVE-2004-2425

概要	Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
公表日	2004年12月31日14:00
登録日	2021年1月29日18:01
最終更新日	2017年7月11日10:31

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	はい
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:h:axis:2100_network_camera:2.12:::::::*
cpe:2.3:h:axis:2100_network_camera:2.30:::::::*
cpe:2.3:h:axis:2100_network_camera:2.31:::::::*
cpe:2.3:h:axis:2100_network_camera:2.32:::::::*
cpe:2.3:h:axis:2100_network_camera:2.33:::::::*
cpe:2.3:h:axis:2100_network_camera:2.34:::::::*
cpe:2.3:h:axis:2100_network_camera:2.40:::::::*
cpe:2.3:h:axis:2100_network_camera:2.41:::::::*
cpe:2.3:h:axis:2110_network_camera:2.12:::::::*
cpe:2.3:h:axis:2110_network_camera:2.30:::::::*
cpe:2.3:h:axis:2110_network_camera:2.31:::::::*
cpe:2.3:h:axis:2110_network_camera:2.32:::::::*
cpe:2.3:h:axis:2110_network_camera:2.34:::::::*
cpe:2.3:h:axis:2110_network_camera:2.40:::::::*
cpe:2.3:h:axis:2110_network_camera:2.41:::::::*
cpe:2.3:h:axis:2120_network_camera:2.12:::::::*
cpe:2.3:h:axis:2120_network_camera:2.30:::::::*
cpe:2.3:h:axis:2120_network_camera:2.31:::::::*
cpe:2.3:h:axis:2120_network_camera:2.32:::::::*
cpe:2.3:h:axis:2120_network_camera:2.34:::::::*
cpe:2.3:h:axis:2120_network_camera:2.40:::::::*
cpe:2.3:h:axis:2120_network_camera:2.41:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:::::::*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.1:::::::*
cpe:2.3:h:axis:2400_video_server:1.2:::::::*
cpe:2.3:h:axis:2400_video_server:1.10:::::::*
cpe:2.3:h:axis:2400_video_server:1.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.12:::::::*
cpe:2.3:h:axis:2400_video_server:1.15:::::::*
cpe:2.3:h:axis:2400_video_server:2.0:::::::*
cpe:2.3:h:axis:2400_video_server:2.20:::::::*
cpe:2.3:h:axis:2400_video_server:2.30:::::::*
cpe:2.3:h:axis:2400_video_server:2.31:::::::*
cpe:2.3:h:axis:2400_video_server:2.32:::::::*
cpe:2.3:h:axis:2400_video_server:2.33:::::::*
cpe:2.3:h:axis:2400_video_server:2.34:::::::*
cpe:2.3:h:axis:2400_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:1.0_1:::::::*
cpe:2.3:h:axis:2401_video_server:1.15:::::::*
cpe:2.3:h:axis:2401_video_server:2.20:::::::*
cpe:2.3:h:axis:2401_video_server:2.30:::::::*
cpe:2.3:h:axis:2401_video_server:2.31:::::::*
cpe:2.3:h:axis:2401_video_server:2.32:::::::*
cpe:2.3:h:axis:2401_video_server:2.33:::::::*
cpe:2.3:h:axis:2401_video_server:2.34:::::::*
cpe:2.3:h:axis:2401_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:3.13:::::::*
cpe:2.3:h:axis:2411_video_server:3.12:::::::*
cpe:2.3:h:axis:2411_video_server:3.13:::::::*
cpe:2.3:h:axis:2420_network_camera:2.12:::::::*
cpe:2.3:h:axis:2420_network_camera:2.30:::::::*
cpe:2.3:h:axis:2420_network_camera:2.31:::::::*
cpe:2.3:h:axis:2420_network_camera:2.32:::::::*
cpe:2.3:h:axis:2420_network_camera:2.33:::::::*
cpe:2.3:h:axis:2420_network_camera:2.34:::::::*
cpe:2.3:h:axis:2420_network_camera:2.40:::::::*
cpe:2.3:h:axis:2420_network_camera:2.41:::::::*
cpe:2.3:h:axis:2420_video_server:2.32:::::::*
cpe:2.3:h:axis:2420_video_server:2.34:::::::*
cpe:2.3:h:axis:2460_network_dvr::::::::
cpe:2.3:h:axis:2460_network_dvr:3.10:::::::*
cpe:2.3:h:axis:2460_network_dvr:3.11:::::::*
cpe:2.3:h:axis:2490_serial_server::::::::
cpe:2.3:h:axis:2490_serial_server:2.11.3:::::::*
cpe:2.3:h:axis:250s_video_server::::::::
cpe:2.3:h:axis:250s_video_server:3.03:::::::*
cpe:2.3:h:axis:250s_video_server:3.10:::::::*
cpe:2.3:h:axis:storpoint_cd::::::::

構成1	以上	以下	より上	未満
cpe:2.3:h:axis:2100_network_camera:2.12:::::::*
cpe:2.3:h:axis:2100_network_camera:2.30:::::::*
cpe:2.3:h:axis:2100_network_camera:2.31:::::::*
cpe:2.3:h:axis:2100_network_camera:2.32:::::::*
cpe:2.3:h:axis:2100_network_camera:2.33:::::::*
cpe:2.3:h:axis:2100_network_camera:2.34:::::::*
cpe:2.3:h:axis:2100_network_camera:2.40:::::::*
cpe:2.3:h:axis:2100_network_camera:2.41:::::::*
cpe:2.3:h:axis:2110_network_camera:2.12:::::::*
cpe:2.3:h:axis:2110_network_camera:2.30:::::::*
cpe:2.3:h:axis:2110_network_camera:2.31:::::::*
cpe:2.3:h:axis:2110_network_camera:2.32:::::::*
cpe:2.3:h:axis:2110_network_camera:2.34:::::::*
cpe:2.3:h:axis:2110_network_camera:2.40:::::::*
cpe:2.3:h:axis:2110_network_camera:2.41:::::::*
cpe:2.3:h:axis:2120_network_camera:2.12:::::::*
cpe:2.3:h:axis:2120_network_camera:2.30:::::::*
cpe:2.3:h:axis:2120_network_camera:2.31:::::::*
cpe:2.3:h:axis:2120_network_camera:2.32:::::::*
cpe:2.3:h:axis:2120_network_camera:2.34:::::::*
cpe:2.3:h:axis:2120_network_camera:2.40:::::::*
cpe:2.3:h:axis:2120_network_camera:2.41:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:::::::*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.1:::::::*
cpe:2.3:h:axis:2400_video_server:1.2:::::::*
cpe:2.3:h:axis:2400_video_server:1.10:::::::*
cpe:2.3:h:axis:2400_video_server:1.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.12:::::::*
cpe:2.3:h:axis:2400_video_server:1.15:::::::*
cpe:2.3:h:axis:2400_video_server:2.0:::::::*
cpe:2.3:h:axis:2400_video_server:2.20:::::::*
cpe:2.3:h:axis:2400_video_server:2.30:::::::*
cpe:2.3:h:axis:2400_video_server:2.31:::::::*
cpe:2.3:h:axis:2400_video_server:2.32:::::::*
cpe:2.3:h:axis:2400_video_server:2.33:::::::*
cpe:2.3:h:axis:2400_video_server:2.34:::::::*
cpe:2.3:h:axis:2400_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:1.0_1:::::::*
cpe:2.3:h:axis:2401_video_server:1.15:::::::*
cpe:2.3:h:axis:2401_video_server:2.20:::::::*
cpe:2.3:h:axis:2401_video_server:2.30:::::::*
cpe:2.3:h:axis:2401_video_server:2.31:::::::*
cpe:2.3:h:axis:2401_video_server:2.32:::::::*
cpe:2.3:h:axis:2401_video_server:2.33:::::::*
cpe:2.3:h:axis:2401_video_server:2.34:::::::*
cpe:2.3:h:axis:2401_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:3.13:::::::*
cpe:2.3:h:axis:2411_video_server:3.12:::::::*
cpe:2.3:h:axis:2411_video_server:3.13:::::::*
cpe:2.3:h:axis:2420_network_camera:2.12:::::::*
cpe:2.3:h:axis:2420_network_camera:2.30:::::::*
cpe:2.3:h:axis:2420_network_camera:2.31:::::::*
cpe:2.3:h:axis:2420_network_camera:2.32:::::::*
cpe:2.3:h:axis:2420_network_camera:2.33:::::::*
cpe:2.3:h:axis:2420_network_camera:2.34:::::::*
cpe:2.3:h:axis:2420_network_camera:2.40:::::::*
cpe:2.3:h:axis:2420_network_camera:2.41:::::::*
cpe:2.3:h:axis:2420_video_server:2.32:::::::*
cpe:2.3:h:axis:2420_video_server:2.34:::::::*
cpe:2.3:h:axis:2460_network_dvr::::::::
cpe:2.3:h:axis:2460_network_dvr:3.10:::::::*
cpe:2.3:h:axis:2460_network_dvr:3.11:::::::*
cpe:2.3:h:axis:2490_serial_server::::::::
cpe:2.3:h:axis:2490_serial_server:2.11.3:::::::*
cpe:2.3:h:axis:250s_video_server::::::::
cpe:2.3:h:axis:250s_video_server:3.03:::::::*
cpe:2.3:h:axis:250s_video_server:3.10:::::::*
cpe:2.3:h:axis:storpoint_cd::::::::

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html	FULLDISC	Exploit
2	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html	FULLDISC	Patch Vendor Advisory
3	http://secunia.com/advisories/12353	SECUNIA	Patch Vendor Advisory
4	http://securitytracker.com/id?1011056	SECTRACK	Exploit Patch
5	http://www.osvdb.org/9121	OSVDB
6	http://www.securityfocus.com/bid/11011	BID	Patch
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/17076	XF