CVE-2024-0066

EPSS 0.05%
Published 18.06.2024 06:15:10
Last modified 21.11.2024 08:45:49
Source product-security@axis.com
Teams watchlist Login
Open Login

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. 
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendoraxis

≫

Product axis_os_2020

Default Statusunaffected

Version < 9.80.69

Version 0

Status affected

Vendoraxis

≫

Product axis_os_2022

Default Statusunaffected

Version < 10.12.236

Version 0

Status affected

Vendoraxis

≫

Product axis_os

Default Statusunaffected

Version <= 11.9

Version 5.51

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.164

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
product-security@axis.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf

https://nvd.nist.gov/vuln/detail/CVE-2024-0066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0066

EUVD