Axis Os Security Vulnerabilities and Issues — Axis Os CVE List

Lucene search

AxisAxis Os

4 matches found

CVE•added 2023/11/21 7:15 a.m.•34 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service acco...

7.1CVSS6.8AI score0.002EPSS

CVE•added 2023/11/21 7:15 a.m.•34 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact o...

7.1CVSS6.9AI score0.00225EPSS

CVE•added 2023/11/21 7:15 a.m.•30 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited af...

7.1CVSS6.6AI score0.00119EPSS

CVE•added 2023/11/21 7:15 a.m.•26 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of th...

7.6CVSS6.8AI score0.00032EPSS