Axis Os@* Security Vulnerabilities and Issues — Axis Os@* CVE List

Lucene search

AxisAxis Os*

9 matches found

CVE•added 2023/07/25 8:15 a.m.•56 views

CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis NetworkIntercoms when communicating over OSDP, highlighting that the OSDP message parser crashesthe pacsiod process, causing a temporary unavailability of the door-controlling functionalitiesmeaning that doors cann...

6.5CVSS6.5AI score0.00069EPSS

CVE•added 2023/05/08 9:15 p.m.•36 views

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

5.3CVSS5.2AI score0.00115EPSS

CVE•added 2023/10/16 7:15 a.m.•35 views

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...

7.1CVSS6.5AI score0.00012EPSS

CVE•added 2023/11/21 7:15 a.m.•34 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service acco...

7.1CVSS6.8AI score0.002EPSS

CVE•added 2023/11/21 7:15 a.m.•34 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact o...

7.1CVSS6.9AI score0.00225EPSS

CVE•added 2023/10/16 7:15 a.m.•32 views

CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released ...

9.1CVSS8.2AI score0.00484EPSS

CVE•added 2023/11/21 7:15 a.m.•30 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited af...

7.1CVSS6.6AI score0.00119EPSS

CVE•added 2023/10/16 7:15 a.m.•26 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has re...

8.1CVSS7.2AI score0.00133EPSS

CVE•added 2023/11/21 7:15 a.m.•26 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of th...

7.6CVSS6.8AI score0.00032EPSS