Lucene search

K
cveAxisCVE-2023-21410
HistoryAug 03, 2023 - 7:15 a.m.

CVE-2023-21410

2023-08-0307:15:12
CWE-78
Axis
web.nvd.nist.gov
2456
cve-2023-21410
axis license plate verifier
api.cgi
code execution
security vulnerability
nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

47.2%

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for
arbitrary code execution.

Affected configurations

Nvd
Node
axislicense_plate_verifierRange2.8.3
VendorProductVersionCPE
axislicense_plate_verifier*cpe:2.3:a:axis:license_plate_verifier:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AXIS License Plate Verifier",
    "vendor": "Axis Communications AB",
    "versions": [
      {
        "status": "affected",
        "version": "2.8.3 or earlier"
      }
    ]
  }
]

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

47.2%

Related for CVE-2023-21410