CVE-2024-7696

EPSS 0.05%
Published 07.01.2025 06:15:17
Last modified 10.10.2025 14:27:04
Source product-security@axis.com
Teams watchlist Login
Open Login

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. 
Axis has released a patched version for the highlighted flaw. Please 
refer to the Axis security advisory for more information and solution.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Axis ≫ Camera Station Pro Version < 6.5.35848

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
product-security@axis.com	6.3	2.1	4.2	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-117 Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7696

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7696

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7696

EUVD