CVE-2024-7784Stack-based Buffer Overflow in Communications AB Axis OS

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 97.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Axis Communications AB Axis OS
Timeline
PublishedSep 10

Description

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages1 packages

CVEListV5axis_communications_ab/axis_os10.9.010.12.246+7

🔴Vulnerability Details

2
GHSA
GHSA-fmjv-qpc7-997r: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Se2024-09-10
CVEList
CVE-2024-7784: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Se2024-09-10
CVE-2024-7784 — Stack-based Buffer Overflow | cvebase