CVE-2021-31988 — HIGH (8.8)

Q: How severe is CVE-2021-31988?

CVE-2021-31988 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-31988?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os, Axis Axis Os 2016, Axis Axis Os 2018, Axis Axis Os 2020.

Vulnerability Description

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Axis	Axis Os	< 10.7
Axis	Axis Os 2016	< 6.50.5.5
Axis	Axis Os 2018	< 8.40.4.3
Axis	Axis Os 2020	< 9.80.3.5

Related Weaknesses (CWE)

CWE-74 CWE-1286

References

https://www.axis.com/files/tech_notes/CVE-2021-31988.pdfVendor Advisory
https://www.axis.com/files/tech_notes/CVE-2021-31988.pdfVendor Advisory

FAQ

What is CVE-2021-31988?

CVE-2021-31988 is a vulnerability with a CVSS score of 8.8 (HIGH). A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SM...

How severe is CVE-2021-31988?

CVE-2021-31988 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31988?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os, Axis Axis Os 2016, Axis Axis Os 2018, Axis Axis Os 2020.