Axis.Communications.Security.Camera.UNRET.dbus.Function.Access
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Axis Communications Security Cameras.
The vulnerability is due to an error in the application when handling a maliciously crafted HTTP request. A remote attacker may be able to exploit this to bypass authentication and obtain administrative access.
Outbreak Alert
FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023.
Affected Products
Axis Communications Security Camera
See following link for the complete list
https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.axis.com/support/firmware
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-06 | 14.627 | Severity:high:critical |