What is CVE-2021-31988?

CVE-2021-31988 is a vulnerability related to SMTP test functionality in Axis Axis Os, allowing the inclusion of arbitrary SMTP headers in test emails.

What is the severity of CVE-2021-31988?

CVE-2021-31988 has a severity rating of 8.8 (high).

Which software versions are affected by CVE-2021-31988?

CVE-2021-31988 affects Axis Axis Os versions up to 10.7, Axis Axis Os 2016 versions up to 6.50.5.5, Axis Axis Os 2018 versions up to 8.40.4.3, and Axis Axis Os 2020 versions up to 9.80.3.5.

Is there a fix or patch available for CVE-2021-31988?

To mitigate CVE-2021-31988, it is recommended to upgrade to a fixed version of Axis Axis Os as mentioned in the Axis security advisory.

Vulnerability/
CVE-2021-31988

high

8.8

CWE

74 1286

5/10/2021

8/11/2024

CVE-2021-31988

Q: How can CVE-2021-31988 be exploited?

CVE-2021-31988 can be exploited by manipulating a user-controlled parameter related to SMTP test functionality to include arbitrary SMTP headers in test emails.

First published: Tue Oct 05 2021(Updated: )

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

Credit: product-security@axis.com product-security@axis.com

Affected Software	Affected Version	How to fix
Axis Axis Os	<10.7
Axis Axis Os 2016	<6.50.5.5
Axis Axis Os 2018	<8.40.4.3
Axis Axis Os 2020	<9.80.3.5

Never miss a vulnerability like this again

Reference Links

https://www.axis.com/files/tech_notes/CVE-2021-31988.pdf

Frequently Asked Questions

What is CVE-2021-31988?
CVE-2021-31988 is a vulnerability related to SMTP test functionality in Axis Axis Os, allowing the inclusion of arbitrary SMTP headers in test emails.
What is the severity of CVE-2021-31988?
CVE-2021-31988 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2021-31988?
CVE-2021-31988 affects Axis Axis Os versions up to 10.7, Axis Axis Os 2016 versions up to 6.50.5.5, Axis Axis Os 2018 versions up to 8.40.4.3, and Axis Axis Os 2020 versions up to 9.80.3.5.
How can CVE-2021-31988 be exploited?
CVE-2021-31988 can be exploited by manipulating a user-controlled parameter related to SMTP test functionality to include arbitrary SMTP headers in test emails.
Is there a fix or patch available for CVE-2021-31988?
To mitigate CVE-2021-31988, it is recommended to upgrade to a fixed version of Axis Axis Os as mentioned in the Axis security advisory.

collector/nvd-index
agent/type
agent/softwarecombine
agent/author
agent/severity
agent/references
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/axis
canonical/axis axis os
canonical/axis axis os 2016
canonical/axis axis os 2018
canonical/axis axis os 2020

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.