6.3

CVE-2024-7696

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. 
Axis has released a patched version for the highlighted flaw. Please 
refer to the Axis security advisory for more information and solution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AxisCamera Station Pro Version < 6.5.35848
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.124
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
product-security@axis.com 6.3 2.1 4.2
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CWE-117 Improper Output Neutralization for Logs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf
Vendor Advisory