Privilege escalation in Axis Communications video cameras - CVE-2018-10662

Published: June 19, 2018 / Updated: September 14, 2018


Vulnerability identifier: #VU13385
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2018-10662
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Axis Communications
Affected software:
Axis Communications video cameras

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because PolicyKit, the authorization mechanism intended to limit requests, is configured to automatically grant access to requests originating from the root user. A remote attacker can use legitimate requests that reach /bin/ssid's .srv functionality, choose one of several actions by setting the action parameter in the request's query string, and invoke any D-Bus request as root (the uid and gid of the /bin/ssid process), without any restriction on the destination or content.
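The pattern described above is a confused deputy: a root-owned handler forwards a client-selected action onto the bus, and PolicyKit grants it because the caller is uid 0. The following added model (constructed for this page, not Axis code; the bus, service names, action keys and role model are assumptions) shows the weak dispatch beside a hardened one that authorises the remote requester before using the handler's identity.

```python
"""Constructed model of the confused-deputy pattern behind CVE-2018-10662.
A web handler running as root forwards a client-chosen 'action' as a bus
call; the bus (standing in for PolicyKit) auto-grants anything from uid 0.
Not Axis code: bus, service and action names are assumptions."""
from urllib.parse import parse_qs


class FakeBus:
    """Stand-in for the system bus; models a PolicyKit rule that trusts uid 0."""

    def __init__(self):
        self.calls = []

    def call(self, caller_uid, destination, interface, method):
        if caller_uid != 0:
            raise PermissionError(f"{destination}.{method}: not authorised")
        self.calls.append((destination, interface, method))
        return "ok"


def _action(query):
    """Extract the 'action' parameter from a query string (empty if absent)."""
    return parse_qs(query).get("action", [""])[0]


def vulnerable_srv(bus, query, handler_uid=0):
    """Weak pattern: the client's action string decides destination, interface
    and method, and the call carries the handler's own root identity."""
    dest, iface, method = _action(query).split(":")  # assumed encoding
    return bus.call(handler_uid, dest, iface, method)


# Fixed allowlist: action key -> (destination, interface, method, allowed roles)
ALLOWED_ACTIONS = {
    "get_status": ("com.example.Status", "com.example.Status", "Get", {"viewer", "admin"}),
    "reboot": ("com.example.Power", "com.example.Power", "Reboot", {"admin"}),
}


def hardened_srv(bus, query, requester_role, handler_uid=0):
    """Fixed pattern: the client picks only a key from the allowlist, and the
    handler authorises the remote requester's role before using its uid-0
    identity on the bus, so root's automatic grant is never exposed."""
    action = _action(query)
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    dest, iface, method, roles = ALLOWED_ACTIONS[action]
    if requester_role not in roles:
        raise PermissionError(f"role {requester_role!r} may not {action}")
    return bus.call(handler_uid, dest, iface, method)
```

The weak handler lets any query string reach any destination as root; the hardened one reduces the attack surface to a fixed table and makes the authorisation decision about the unprivileged requester rather than the privileged process.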


How to mitigate CVE-2018-10662

Install update from vendor's website.

Sources