CVE-2018-9158

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.slideshare.net/secret/HpAEwK5qo5U4b1	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:axis:m1033-w_firmware:5.40.5.1:*:*:*:*:*:*:*

cpe:2.3:h:axis:m1033-w:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-01 18:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-9158

Mitre link : CVE-2018-9158

CVE.ORG link : CVE-2018-9158

JSON object : View

Products Affected

axis

m1033-w_firmware
m1033-w

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-9158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-04-01T18:29:00.490", "references": [{"url": "https://www.slideshare.net/secret/HpAEwK5qo5U4b1", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end."}, {"lang": "es", "value": "Se ha descubierto un problema en los dispositivos AXIS M1033-W (c\u00e1mara IP) con versi\u00f3n de firmware 5.40.5.1. No emplean un mecanismo adecuado de prevenci\u00f3n de ataques de denegaci\u00f3n de servicio (DoS), lo que conduce a un retraso en los tiempos de respuesta. Un atacante puede utilizar la herramienta hping3 para realizar un ataque de inundaci\u00f3n IPv4 y los servicios se interrumpen desde el principio hasta el final del ataque."}], "lastModified": "2018-05-15T15:35:58.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:m1033-w_firmware:5.40.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5EC5E97-2636-4CD7-8DFD-990C0AC1ACAE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:axis:m1033-w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48E643E9-E905-46DB-BA35-01460344CECB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}