CVE-2024-0066

EPSS 0.05%
Veröffentlicht 18.06.2024 06:15:10
Zuletzt bearbeitet 21.11.2024 08:45:49
Quelle product-security@axis.com
Teams Watchlist Login
Unerledigt Login

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. 
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstelleraxis

≫

Produkt axis_os_2020

Default Statusunaffected

Version < 9.80.69

Version 0

Status affected

Herstelleraxis

≫

Produkt axis_os_2022

Default Statusunaffected

Version < 10.12.236

Version 0

Status affected

Herstelleraxis

≫

Produkt axis_os

Default Statusunaffected

Version <= 11.9

Version 5.51

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.164

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@axis.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf

https://nvd.nist.gov/vuln/detail/CVE-2024-0066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0066

EUVD