Axis StorPoint CD servers could allow remote access to admin pages
| axis-storpoint-auth (4078) |  Medium Risk |
Description:
Axis Communications network CD servers StorPoint CD and CD/T could allow a remote attacker to gain access to the server's administration pages, due to a vulnerability in the software's Web interface for remote administration. An attacker can submit a specially-crafted URL to bypass authentication and access the server's administration pages.
Consequences:
Gain Access
Remedy:
Upgrade to software version 4.28, available from the Axis Communications Web site. Axis recommends upgrading to hardware from one of their newer product lines. See References.
References:
- Axis Communications Web site: Axis Communications Support Web.
- BugTraq Mailing List, Tue Feb 29 2000 - 07:18:54 CST: Infosec.20000229.axisstorpointcd.a.
- BID-1025: Axis StorPoint CD Authentication Vulnerability
- CVE-2000-0191: Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.
- OSVDB ID: 19: Axis StorPoint Admin Authentication Bypass
Platforms Affected:
- AXIS Storpoint CD
Reported:
Feb 29, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net