Lucene search
K

177 matches found

Cvelist
Cvelist
added 2023/10/16 6:24 a.m.26 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

6.5CVSS8.3AI score0.0059EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 6:18 a.m.14 views

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering commonly known as Secure Boot contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...

7.1CVSS6.7AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 6:8 a.m.17 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS8.9AI score0.01247EPSS
Exploits0References1
CVE
CVE
added 2023/10/16 6:8 a.m.44 views

CVE-2023-21413

The CVE-2023-21413 vulnerability affects Axis OS on Axis devices, where the ACAP application installation process is vulnerable to command injection in the application handling service. This enables remote code execution (RCE) if an attacker can leverage the installation flow. Public risk scores ...

9.1CVSS8.2AI score0.01247EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 6:8 a.m.18 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS10AI score0.01247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-18185 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A flaw has been discovered in the protection for device tampering, commonly known as Secure Boot, which provides an opportunity for a sophisticated attack to bypass this protection. The iss...

7.1CVSS6.8AI score0.00232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.4 views

PT-2023-18184 · Axis · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: A flaw has been found that allows for remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was...

9.1CVSS8.1AI score0.01247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.5 views

PT-2023-7487 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The issue is related to the VAPIX API in the AXIS OS, specifically with the overlay del.cgi endpoint, which is vulnerable to path traversal attacks. This allows an attacker, after...

8.1CVSS7.3AI score0.0059EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

AXIS OS Path Traversal Vulnerability

AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 10.11 through 11.5, which stems from a path traversal attack in the VAPIX APIoverlaydel.cgi that allows file deletion...

8.1CVSS6.8AI score0.0059EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

AXIS OS Command Injection Vulnerability

AXIS Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS versions 10.11 through 11.5 that originates from allowing remote code execution during installation of the ACAP application on an Axis device...

9.1CVSS8.1AI score0.01247EPSS
Exploits0References2
OSV
OSV
added 2023/05/08 9:15 p.m.4 views

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

5.3CVSS6.1AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.5 views

AXIS OS 安全漏洞

AXIS Os is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 11.0.x-11.3.x, which stems from the use of static RSA keys in legacy LUA components to protect Axis-specific source code...

5.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/08 12:0 a.m.10 views

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

5.3AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2023/05/08 12:0 a.m.49 views

CVE-2023-21404

CVE-2023-21404 affects AXIS OS 11.0.X–11.3.x, where a static RSA key is embedded in legacy LUA components to protect Axis-specific source code. The documents state this key is not used in other secure communications and cannot be used to compromise the device or customer data. No exploitation det...

5.3CVSS5.2AI score0.00283EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.18 views

Axis Device Detection Consolidation

Consolidation of Axis devices detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.170300"...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2021/10/05 9:9 p.m.61 views

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

Three vulnerabilities in the IP video-surveillance systems created by Axis Communications could allow arbitrary code execution, among other attacks. That’s according to Nozomi Networks Labs, whose researchers examined the company’s Axis Companion Recorder, a compact network video recorder NVR tha...

8.8CVSS8.7AI score0.00923EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.5 views

Axis Os 缓冲区错误漏洞

Axis Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS 6.40 or later that stems from not properly validating control parameters related to SMTP notifications. This could lead to a buffer overflow and data leakage...

6.8CVSS7AI score0.00779EPSS
Exploits0References2
Rows per page
Query Builder