COMMAND

    Axis 700 Network Scanner

SYSTEMS AFFECTED

    Axis 700 Network Scanner (Software Version 1.12)

PROBLEM

    Ian  Vitek  posted   following  (Infosec  Security   Vulnerability
    Report).  By modifying an URL, outsiders can access  administrator
    URLs  without   entering  username   and  password.    Threat   is
    unauthorized access.

    User pages are located under

        http://server/user/

    The URL to the configuration page is:

        http://server/admin/this_axis700/this_axis700.shtml

    This page is password  protected.  The actual  configuration takes
    place on the pages linked from this page.  By changing the URL to:

        http://server/user/../admin/this_axis700/this_axis700.shtml

    gives  an  outsider  access  to  the  configuration  page  without
    entering username and password.  The server seems to check  access
    permissions before URL conversion.  The server also decodes %1u to
    %2e (not a vulnerability).

SOLUTION

    Version 1.14  should fix  this vulnerability.   Infosec recommends
    everyone to try to access their authorized pages with URLs as:

        http://server/NonPrivPage/../PrivPage/