CVE-2023-5800
published 2024-02-05
High, 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vintage, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi
did not have sufficient input validation, allowing for possible remote code
execution. This flaw can only be exploited after authenticating with an
operator- or administrator-privileged service account. Axis has released patched AXIS OS
versions for the highlighted flaw. Please refer to the Axis security advisory
for more information and the solution.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | < 11.8.61 | 11.8.61 |
| axis | axis_os_2020 | < 9.80.55 | 9.80.55 |
| axis | axis_os_2022 | < 10.12.220 | 10.12.220 |
| axis_communications_ab | axis_os | — | — |