History: Feb 05, 2024 - 5:20 a.m.

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

2024-02-05 05:20:38
Axis
www.cve.org
Tags: cve-2023-5800, vapix api, input validation, vulnerability, axis os, patched

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score: 8.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.8%)

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API
create_overlay.cgi did not have sufficient input validation, allowing for
possible remote code execution. This flaw can only be exploited after
authenticating with an operator- or administrator-privileged service account.
Axis has released patched AXIS OS versions for the highlighted flaw. Please
refer to the Axis security advisory for more information and the solution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AXIS OS",
    "vendor": "Axis Communications AB",
    "versions": [
      {
        "status": "affected",
        "version": "AXIS OS 11.8, 10.12, 9.80, 8.40, 6.50"
      }
    ]
  }
]
