CVE-2017-20049

moderate-risk
Published 2022-06-15

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

P3225 Firmware
P3367 Firmware
M3045 Firmware
M3005 Firmware
M3007 Firmware

Affected Vendors

Axis

References (2)

https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf
https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 13/34 · Low