History: Mar 19, 2024 - 6:35 a.m.

CVE-2024-0054

2024-03-19 06:35:15
Axis
www.cve.org
vapix apis
file globbing
vulnerability
patched
resource exhaustion

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 9.0%

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AXIS OS",
    "vendor": "Axis Communications AB",
    "versions": [
      {
        "status": "affected",
        "version": "AXIS OS 6.50 - 11.8"
      }
    ]
  }
]
