8 matches found
CVE-2025-0360
CVE-2025-0360 affects the Axis VAPIX Device Configuration framework; the flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. It was reported during a penetration test; the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...
CVE-2024-8160
Summary (CVE-2024-8160): The vulnerability affects AXIS OS versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...
CVE-2024-47259
CVE-2024-47259 affects Axis OS: the VAPIX API endpoint dynamicoverlay.cgi has insufficient input validation that allows command injection, enabling potential file transfers to the Axis device and resource exhaustion. Axis has released patched AXIS OS versions; refer to the Axis security advisory for de...
CVE-2024-47261
The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...
CVE-2025-0361
CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. The affected component is the VAPIX Device Configuration framework (Axis OS context cited ...
CVE-2025-0324
AXIS OS (Axis Communications) vulnerability CVE-2025-0324 affects AXIS OS versions 11.8 through 12.2, via the VAPIX Device Configuration framework, causing privilege escalation from a lower-privileged user to administrator. The root cause is described as an elevation of privilege issue. Public details a...
CVE-2025-0359
CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...
CVE-2024-6979
CVE-2024-6979 affects Axis OS, where a broken access control could allow less-privileged operator- and/or viewer-accounts to gain higher privileges. The issue is described as requiring complex steps and social engineering to trigger administrator configurations, with exploitation risk considered ...