National Vulnerability Database

CVE-2018-10660 Detail

Current Description

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

Source:  MITRE
Description Last Modified:  06/26/2018

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 9.8 CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9


Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2.0 Severity and Metrics:

Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0


Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink    Resource
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/    Exploit, Third Party Advisory
https://www.axis.com/files/faq/Advisory_ACV-128401.pdf    Vendor Advisory
https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf    Vendor Advisory
https://www.exploit-db.com/exploits/45100/    Exploit, Third Party Advisory, VDB Entry

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
AND
OR
cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.1
OR
cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*
Configuration 2
AND
OR
cpe:2.3:o:axis:a8004-v_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.2
OR
cpe:2.3:h:axis:a8004-v:-:*:*:*:*:*:*:*
Configuration 3
AND
OR
cpe:2.3:o:axis:a8105-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.2
OR
cpe:2.3:h:axis:a8105-e:-:*:*:*:*:*:*:*
Configuration 4
AND
OR
cpe:2.3:o:axis:a9161_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.0
OR
cpe:2.3:h:axis:a9161:-:*:*:*:*:*:*:*
Configuration 5
AND
OR
cpe:2.3:o:axis:a9188_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.0
OR
cpe:2.3:h:axis:a9188:-:*:*:*:*:*:*:*
Configuration 6
AND
OR
cpe:2.3:o:axis:a9188-v_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.65.0
OR
cpe:2.3:h:axis:a9188-v:-:*:*:*:*:*:*:*
Configuration 7
AND
OR
cpe:2.3:o:axis:c1004-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.81.040.1
OR
cpe:2.3:h:axis:c1004-e:-:*:*:*:*:*:*:*
Configuration 8
AND
OR
cpe:2.3:o:axis:c2005_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.81.040.1
OR
cpe:2.3:h:axis:c2005:-:*:*:*:*:*:*:*
Configuration 9
AND
OR
cpe:2.3:o:axis:c3003-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.81.040.1
OR
cpe:2.3:h:axis:c3003-e:-:*:*:*:*:*:*:*
Configuration 10
AND
OR
cpe:2.3:o:axis:c8033_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.81.040.1
OR
cpe:2.3:h:axis:c8033:-:*:*:*:*:*:*:*
Configuration 11
AND
OR
cpe:2.3:o:axis:companion_bullet_le_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_bullet_le:-:*:*:*:*:*:*:*
Configuration 12
AND
OR
cpe:2.3:o:axis:companion_c360_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 7.15.2.3
OR
cpe:2.3:h:axis:companion_c360:-:*:*:*:*:*:*:*
Configuration 13
AND
OR
cpe:2.3:o:axis:companion_cube_l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_cube_l:-:*:*:*:*:*:*:*
Configuration 14
AND
OR
cpe:2.3:o:axis:companion_cube_lw_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_cube_lw:-:*:*:*:*:*:*:*
Configuration 15
AND
OR
cpe:2.3:o:axis:companion_dome_v_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_dome_v:-:*:*:*:*:*:*:*
Configuration 16
AND
OR
cpe:2.3:o:axis:companion_dome_wv_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_dome_wv:-:*:*:*:*:*:*:*
Configuration 17
AND
OR
cpe:2.3:o:axis:companion_eye_l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_eye_l:-:*:*:*:*:*:*:*
Configuration 18
AND
OR
cpe:2.3:o:axis:companion_eye_lve_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:companion_eye_lve:-:*:*:*:*:*:*:*
Configuration 19
AND
OR
cpe:2.3:o:axis:companion_recorder_4ch_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.20.1
OR
cpe:2.3:h:axis:companion_recorder_4ch:-:*:*:*:*:*:*:*
Configuration 20
AND
OR
cpe:2.3:o:axis:companion_recorder_8ch_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 1.20.1
OR
cpe:2.3:h:axis:companion_recorder_8ch:-:*:*:*:*:*:*:*
Configuration 21
AND
OR
cpe:2.3:o:axis:d2050-ve_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 7.35.4.2
OR
cpe:2.3:h:axis:d2050-ve:-:*:*:*:*:*:*:*
Configuration 22
AND
OR
cpe:2.3:o:axis:f34_main_unit_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:f34_main_unit:-:*:*:*:*:*:*:*
Configuration 23
AND
OR
cpe:2.3:o:axis:f41_main_unit_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:f41_main_unit:-:*:*:*:*:*:*:*
Configuration 24
AND
OR
cpe:2.3:o:axis:f44_dual_audio_input_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:f44_dual_audio_input:-:*:*:*:*:*:*:*
Configuration 25
AND
OR
cpe:2.3:o:axis:f44_main_unit_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:f44_main_unit:-:*:*:*:*:*:*:*
Configuration 26
AND
OR
cpe:2.3:o:axis:fa54_main_unit_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.55.4.5
OR
cpe:2.3:h:axis:fa54_main_unit:-:*:*:*:*:*:*:*
Configuration 27
AND
OR
cpe:2.3:o:axis:m1004-w_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1004-w:-:*:*:*:*:*:*:*
Configuration 28
AND
OR
cpe:2.3:o:axis:m1013_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1013:-:*:*:*:*:*:*:*
Configuration 29
AND
OR
cpe:2.3:o:axis:m1014_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1014:-:*:*:*:*:*:*:*
Configuration 30
AND
OR
cpe:2.3:o:axis:m1025_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1025:-:*:*:*:*:*:*:*
Configuration 31
AND
OR
cpe:2.3:o:axis:m1033-w_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1033-w:-:*:*:*:*:*:*:*
Configuration 32
AND
OR
cpe:2.3:o:axis:m1034-w_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1034-w:-:*:*:*:*:*:*:*
Configuration 33
AND
OR
cpe:2.3:o:axis:m1045-lw_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:m1045-lw:-:*:*:*:*:*:*:*
Configuration 34
AND
OR
cpe:2.3:o:axis:m1054_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1054:-:*:*:*:*:*:*:*
Configuration 35
AND
OR
cpe:2.3:o:axis:m1065-l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:m1065-l:-:*:*:*:*:*:*:*
Configuration 36
AND
OR
cpe:2.3:o:axis:m1065-lw_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 8.20.1
OR
cpe:2.3:h:axis:m1065-lw:-:*:*:*:*:*:*:*
Configuration 37
AND
OR
cpe:2.3:o:axis:m1103_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1103:-:*:*:*:*:*:*:*
Configuration 38
AND
OR
cpe:2.3:o:axis:m1104_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1104:-:*:*:*:*:*:*:*
Configuration 39
AND
OR
cpe:2.3:o:axis:m1113_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1113:-:*:*:*:*:*:*:*
Configuration 40
AND
OR
cpe:2.3:o:axis:m1113-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1113-e:-:*:*:*:*:*:*:*
Configuration 41
AND
OR
cpe:2.3:o:axis:m1114_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1114:-:*:*:*:*:*:*:*
Configuration 42
AND
OR
cpe:2.3:o:axis:m1114-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
OR
cpe:2.3:h:axis:m1114-e:-:*:*:*:*:*:*:*
Configuration 43
AND
OR
cpe:2.3:o:axis:m1124_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1124:-:*:*:*:*:*:*:*
Configuration 44
AND
OR
cpe:2.3:o:axis:m1124-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1124-e:-:*:*:*:*:*:*:*
Configuration 45
AND
OR
cpe:2.3:o:axis:m1125_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1125:-:*:*:*:*:*:*:*
Configuration 46
AND
OR
cpe:2.3:o:axis:m1125-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1125-e:-:*:*:*:*:*:*:*
Configuration 47
AND
OR
cpe:2.3:o:axis:m1143-l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.60.1.10
OR
cpe:2.3:h:axis:m1143-l:-:*:*:*:*:*:*:*
Configuration 48
AND
OR
cpe:2.3:o:axis:m1144-l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.60.1.10
OR
cpe:2.3:h:axis:m1144-l:-:*:*:*:*:*:*:*
Configuration 49
AND
OR
cpe:2.3:o:axis:m1145_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1145:-:*:*:*:*:*:*:*
Configuration 50
AND
OR
cpe:2.3:o:axis:m1145-l_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 6.50.2.3
OR
cpe:2.3:h:axis:m1145-l:-:*:*:*:*:*:*:*
Configuration 51
AND
OR
cpe:2.3:o:axis:m2014-e_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 5.51.5
Showing 100 of 780 CPEs.

Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2018-10660
NVD Published Date: 06/26/2018
NVD Last Modified: 08/20/2018