CVE-2024-6831

EPSS 0.03%
Veröffentlicht 26.11.2024 08:15:07
Zuletzt bearbeitet 26.11.2024 08:15:07
Quelle product-security@axis.com
Teams Watchlist Login
Unerledigt Login

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. 
Axis has released patched versions for the highlighted flaw. Please 
refer to the Axis security advisory for more information and solution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAxis Communications AB

≫

Produkt AXIS Camera Station Pro

Default Statusunaffected

Version <6.4

Status affected

HerstellerAxis Communications AB

≫

Produkt AXIS Camera Station

Default Statusunaffected

Version <5.57.33556

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@axis.com	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf

https://nvd.nist.gov/vuln/detail/CVE-2024-6831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6831

EUVD