PT-2022-19268 · Axis · Axis M1125
Published: 2022-07-21 · Updated: 2023-07-28 · CVE-2022-28861
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Citilog version 8.0
Description
The server in Citilog allows an attacker, in a man-in-the-middle position between the server and its smart camera Axis M1125, to see FTP credentials in cleartext HTTP traffic. These credentials can be used for FTP access to the server.
Recommendations
For Citilog version 8.0, consider disabling the use of cleartext HTTP traffic for FTP credentials until a patch is available. Restrict access to the server and its smart camera Axis M1125 to minimize the risk of exploitation. Avoid using cleartext HTTP for sensitive information transmission.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Axis M1125