6.5
CVE-2024-6509
- EPSS 0.25%
- Published 10.09.2024 05:15:12
- Last modified 29.11.2024 06:15:07
- Source product-security@axis.com
- Teams watchlist Login
- Open Login
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAxis Communications AB
≫
Product
AXIS OS
Default Statusunaffected
Version <
6.50.5.19
Version
6.50.0
Status
affected
Version <
8.40.59
Version
7.0.0
Status
affected
Version <
9.80.78
Version
9.0.0
Status
affected
Version <
10.12.249
Version
10.0.0
Status
affected
Version <
11.11.93
Version
11.0.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.479 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| product-security@axis.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-155 Improper Neutralization of Wildcards or Matching Symbols
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.