CVE-2024-6476

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
4.2MEDIUM
EPSS
0.0%
top 90.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Axis Communications AB Axis Camera StationAxis Communications AB Axis Camera Station PRO
Timeline
PublishedNov 26

Description

Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:LExploitability: 1.1 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-fcgq-rhw7-f4x4: Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by r2024-11-26
CVEList
CVE-2024-6476: Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by r2024-11-26
CVE-2024-6476 (MEDIUM CVSS 4.2) | Gee-netics | cvebase.io