Unrated severity · NVD Advisory · Published Jul 21, 2022 · Updated Aug 3, 2024

CVE-2022-28860


Description

An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authentication downgrade in Citilog 8.0 allows a man-in-the-middle attacker to force HTTP access to an Axis M1125 camera.

Vulnerability

The vulnerability is an authentication downgrade in the server component of Citilog 8.0 [1]. When the server communicates with an Axis M1125 smart camera, an attacker in a man-in-the-middle position can downgrade the authentication mechanism and obtain HTTP access to the camera.

Exploitation

The attacker must hold a man-in-the-middle position between the Citilog server and the Axis M1125 camera. The attacker does not need to authenticate; from that position they can intercept and modify traffic to downgrade the authentication protocol. The available references do not detail the exact exploitation steps.

Impact

Successful exploitation allows the attacker to gain HTTP access to the Axis M1125 camera. This could lead to unauthorized viewing of video feeds, modification of camera settings, or further network compromise depending on the camera's configuration. The attacker gains access at the level of the camera's HTTP interface.

Mitigation

No fix has been disclosed as of the publication date (2022-07-21) in the available references. Users should contact Citilog for updated software versions or apply network segmentation to prevent man-in-the-middle attacks between the server and cameras. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the latest update.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

2
