CVE-2023-21418

Severity: 7.1 HIGH
EPSS: 0.2% (top 62.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 21, 2023

Description

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and is limited to non-system files, compared to administrator privileges. Axis has released patched AXIS OS versions for the highligh
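
The description above names the bug class: a CGI that joins a caller-supplied name onto a directory and deletes the result, so `..` segments (or an absolute path) walk out of the intended directory. The block below is an added illustration, not code from Axis and not a reconstruction of irissetup.cgi, whose request parameters and internals are not given on this page; the directory layout, file names and function names are assumptions. It puts the naive join-and-unlink pattern beside a canonicalising check that confines deletion to one directory, and rejects `..` segments, absolute paths, NUL bytes and symlinks inside the directory that point outside it.

```python
"""Path traversal in a file-deletion handler: the naive pattern beside a hardened one.

Constructed demonstration only. It is not Axis code and does not reproduce
irissetup.cgi, whose parameter names and internals are not on this page; the
directory layout, file names and function names below are all assumptions.
"""
import os
import shutil
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a caller-supplied name would resolve outside the permitted directory."""


def vulnerable_delete(base_dir: str, user_supplied: str) -> str:
    """Naive pattern: join the request parameter onto a base directory and unlink.

    '..' segments walk out of base_dir, and an absolute user_supplied makes
    os.path.join discard base_dir entirely.
    """
    target = os.path.join(base_dir, user_supplied)
    os.remove(target)
    return target


def resolve_within(base_dir: str, user_supplied: str) -> Path:
    """Canonicalise base_dir/user_supplied and require it to stay under base_dir.

    Canonicalisation follows symlinks, so a link inside base_dir that points
    outside is rejected as well, not only literal '..' segments.
    """
    if "\0" in user_supplied:
        raise PathTraversalError("NUL byte in name")
    if not user_supplied or user_supplied.startswith(("/", "\\")):
        raise PathTraversalError("empty or absolute name")
    base = Path(base_dir).resolve(strict=True)      # the base directory itself must exist
    target = (base / user_supplied).resolve(strict=False)
    if base not in target.parents:                  # a name equal to the base is rejected too
        raise PathTraversalError(f"{user_supplied!r} escapes {base}")
    return target


def hardened_delete(base_dir: str, user_supplied: str) -> Path:
    """Delete user_supplied only if it canonicalises to a regular file under base_dir."""
    target = resolve_within(base_dir, user_supplied)
    if not target.is_file():                        # no directories, devices or dangling links
        raise FileNotFoundError(str(target))
    target.unlink()
    return target


def _rejected(fn, *args) -> bool:
    """True if fn(*args) raised PathTraversalError."""
    try:
        fn(*args)
    except PathTraversalError:
        return True
    return False


def demo() -> dict:
    """Exercise both handlers on a constructed tree in a temp dir; returns the outcomes."""
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    try:
        uploads = root / "uploads"                 # the only directory the handler may touch
        uploads.mkdir()
        (uploads / "report.txt").write_text("user data")
        (root / "etc").mkdir()
        system_file = root / "etc" / "config"      # stands in for a file outside the handler's scope
        system_file.write_text("system data")
        (uploads / "escape").symlink_to(system_file)

        results = {
            "traversal_rejected": _rejected(hardened_delete, str(uploads), "../etc/config"),
            "absolute_rejected": _rejected(hardened_delete, str(uploads), str(system_file)),
            "symlink_rejected": _rejected(hardened_delete, str(uploads), "escape"),
            "nul_rejected": _rejected(hardened_delete, str(uploads), "report.txt\0.jpg"),
        }
        hardened_delete(str(uploads), "report.txt")            # the legitimate case still works
        results["legit_deleted"] = not (uploads / "report.txt").exists()
        results["system_file_intact"] = system_file.exists()

        vulnerable_delete(str(uploads), "../etc/config")        # the bug class on this page
        results["vulnerable_deleted_outside"] = not system_file.exists()
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:28s} {outcome}")
```

The check resolves the base directory first and compares canonical paths rather than string prefixes, so `uploads-old/` is not mistaken for `uploads/` and a symlink planted inside the directory cannot redirect the unlink. Giving each privilege level its own base directory (for example, a directory of non-system files for operator accounts) is how a handler bounds the impact the description attributes to operator-level access; the authentication that gates the real endpoint is out of scope here.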

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.8 | Impact: 4.2

Affected Packages (5 packages)

Source      Package                           Affected versions
NVD         axis/axis_os                      < 6.50.5.15+1
NVD         axis/axis_os_2018                 < 8.40.35
NVD         axis/axis_os_2020                 < 9.80.49
NVD         axis/axis_os_2022                 < 10.12.213
CVEListV5   axis_communications_ab/axis_os    AXIS OS 6.50 – 11.6

Vulnerability Details (2 references)

CVEList   CVE-2023-21418: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup (2023-11-21)
GHSA      GHSA-wwjf-vpr8-3v33: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup (2023-11-21)