Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-15328 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX APIs, specifically the "mediaclip.cgi" and "playclip.cgi" endpoints, were found to be vulnerable to file globbing, which could lead to a resource exhaustion attack. This iss...

6.5CVSS6.9AI score0.00596EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-15327 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX APIs are vulnerable to file globbing, which could lead to a resource exhaustion attack. The affected API endpoints include "local list.cgi", "create overlay.cgi", and...

6.5CVSS6.9AI score0.00572EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/02/28 12:0 a.m.16 views

AXIS OS RCE Vulnerability (Feb 2024)

AXIS OS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if...

8.8CVSS8AI score0.00684EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/02/12 12:0 a.m.29 views

Axis Communications Multiple Products Remote Code Execution (CVE-2023-5677)

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...

8.8CVSS7.7AI score0.0056EPSS
Exploits0References2
NVD
NVD
added 2024/02/05 6:15 a.m.32 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

8.8CVSS7AI score0.0056EPSS
Exploits0References2
NVD
NVD
added 2024/02/05 6:15 a.m.29 views

CVE-2023-5800

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

8.8CVSS6.4AI score0.00684EPSS
Exploits0References1
Prion
Prion
added 2024/02/05 6:15 a.m.28 views

Input validation

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

6.5CVSS7.1AI score0.00684EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2024/02/05 5:20 a.m.2 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

5.4CVSS7.1AI score0.00684EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/05 5:20 a.m.26 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

5.4CVSS8.9AI score0.00684EPSS
Exploits0References1
CVE
CVE
added 2024/02/05 5:20 a.m.73 views

CVE-2023-5800

CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...

8.8CVSS7.1AI score0.00684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/05 5:20 a.m.32 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

6.3CVSS8.9AI score0.0056EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

AXIS OS Code Injection Vulnerability

AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 11.7 that stems from the VAPIX API createoverlay.cgi not having sufficient input validation, allowing for possible remote code execution...

8.8CVSS8AI score0.00684EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.8 views

The vulnerability of the Open Supervised Device Protocol implementation in the AXIS OS operating system of AXIS controllers allows a perpetrator to cause temporary disconnection of functions.

The vulnerability of the Open Supervised Device Protocol OSDP implementation in the AXIS OS operating system and AXIS controllers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause temporary dysfunction of the functions...

6.5CVSS6.5AI score0.00293EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/21 7:15 a.m.5 views

CVE-2023-5553

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References1
NVD
NVD
added 2023/11/21 7:15 a.m.19 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS0.00668EPSS
Exploits0References1
OSV
OSV
added 2023/11/21 7:15 a.m.4 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS5.8AI score0.00668EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/21 6:56 a.m.14 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS6.9AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/21 6:56 a.m.14 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS7.1AI score0.00668EPSS
Exploits0References1
CVE
CVE
added 2023/11/21 6:56 a.m.52 views

CVE-2023-21418

AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...

7.1CVSS6.9AI score0.00668EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2023/11/21 6:53 a.m.23 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS7AI score0.00668EPSS
Exploits0References1
Rows per page
Query Builder