4.3
CVE-2024-8772
- EPSS 0.17%
- Published 26.11.2024 08:15:08
- Last modified 26.11.2024 08:15:08
- Source product-security@axis.com
- Teams watchlist Login
- Open Login
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAxis Communications AB
≫
Product
AXIS OS
Default Statusunaffected
Version <
9.80.84
Version
9.80.0
Status
affected
Version <
10.12.259
Version
10.0.0
Status
affected
Version <
11.11.118
Version
11.0.0
Status
affected
Version <
12.1.28
Version
12.0.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.392 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| product-security@axis.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.