CVE-2021-31988
First published: Tue Oct 05 2021(Updated: )
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
Credit: product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axis Axis Os | <10.7 | |
| Axis Axis Os 2016 | <6.50.5.5 | |
| Axis Axis Os 2018 | <8.40.4.3 | |
| Axis Axis Os 2020 | <9.80.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-31988?
CVE-2021-31988 is a vulnerability related to SMTP test functionality in Axis Axis Os, allowing the inclusion of arbitrary SMTP headers in test emails.
What is the severity of CVE-2021-31988?
CVE-2021-31988 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2021-31988?
CVE-2021-31988 affects Axis Axis Os versions up to 10.7, Axis Axis Os 2016 versions up to 6.50.5.5, Axis Axis Os 2018 versions up to 8.40.4.3, and Axis Axis Os 2020 versions up to 9.80.3.5.
How can CVE-2021-31988 be exploited?
CVE-2021-31988 can be exploited by manipulating a user-controlled parameter related to SMTP test functionality to include arbitrary SMTP headers in test emails.
Is there a fix or patch available for CVE-2021-31988?
To mitigate CVE-2021-31988, it is recommended to upgrade to a fixed version of Axis Axis Os as mentioned in the Axis security advisory.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/axis
- canonical/axis axis os
- canonical/axis axis os 2016
- canonical/axis axis os 2018
- canonical/axis axis os 2020