CVE-2024-0055Improper Neutralization of Wildcards or Matching Symbols in OS

CWE-155Improper Neutralization of Wildcards or Matching Symbols3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Axis OSAxis OS 2022Axis Communications AB Axis OS
Timeline
PublishedMar 19

Description

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDaxis/axis_os10.12.011.9.53
NVDaxis/axis_os_2022< 10.12.228
CVEListV5axis_communications_ab/axis_osAXIS OS 10.12 - 11.8

🔴Vulnerability Details

2
GHSA
GHSA-5ppp-5mcp-fqfv: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip2024-03-19
CVEList
CVE-2024-0055: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip2024-03-19
CVE-2024-0055 — Axis OS vulnerability | cvebase