Think you have a false positive on this rule?

Sid 1-

Message

SERVER-WEBAPP Axis Network Camera authorization bypass attempt

Summary

This event is generated when an attempt to bypass the authorization mechanism for the web interface on an Axis Network Attached Camera is detected.

Impact

Web Application Attack

Detailed information

This detection looks for a request containing the pattern "[unprotected page].html/[protected page].srv". This pattern is used to bypass authorization on vulnerable Axis Network Attached Cameras, allowing unauthenticated access to the protected ".srv" page.

Affected systems

- Please see the Axis affected product list for a complete list of affected systems.

  • https://www.axis.com/files/sales/ACV-128401AffectedProduct_List.pdf

Ease of attack

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-10662
  • CVE-2018-10658
  • CVE-2018-10659
  • CVE-2018-10663
  • CVE-2018-10661