3 matches found
CVE-2024-0054
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
AXIS OS < 6.50.5.17, 7.x < 8.40.43, 9.x < 9.80.58, 10.x < 10.12.228, 11.x < 11.9.53 DoS Vulnerability
AXIS OS is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if...
CVE-2024-0054
CVE-2024-0054 affects Axis OS: the VAPIX endpoints local_list.cgi, create_overlay.cgi and irissetup.cgi are vulnerable to file globbing, enabling a resource-exhaustion DoS. The issue is rooted in how these APIs handle globbing, with exploitation described in Axis advisories and vendor-confirmed p...