Axis Os 2022 vulnerabilities

9 known vulnerabilities affecting axis/axis_os_2022.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM4LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-47261MEDIUMCVSS 4.3fixed in 10.12.2762025-04-08
CVE-2024-47261 [MEDIUM] CWE-1287 CVE-2024-47261: 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.
nvd
CVE-2024-8160LOWCVSS 2.7fixed in 10.12.2572024-11-26
CVE-2024-8160 [LOW] CWE-1286 CVE-2024-8160: Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis
nvd
CVE-2024-0055MEDIUMCVSS 6.5fixed in 10.12.2282024-03-19
CVE-2024-0055 [MEDIUM] CWE-155 CVE-2024-0055: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
nvd
CVE-2023-5800HIGHCVSS 8.8fixed in 10.12.2202024-02-05
CVE-2023-5800 [MEDIUM] CWE-35 CVE-2023-5800: Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi d Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for th
nvd
CVE-2023-21418HIGHCVSS 7.1fixed in 10.12.2132023-11-21
CVE-2023-21418 [HIGH] CWE-35 CVE-2023-21418: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi w Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator
nvd
CVE-2023-21417HIGHCVSS 7.1fixed in 10.12.2082023-11-21
CVE-2023-21417 [HIGH] CWE-35 CVE-2023-21417: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayi Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lo
nvd
CVE-2023-5553MEDIUMCVSS 6.8fixed in 10.12.2132023-11-21
CVE-2023-5553 [HIGH] CWE-863 CVE-2023-5553: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the pro During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched
nvd
CVE-2023-21416MEDIUMCVSS 6.5fixed in 10.12.2132023-11-21
CVE-2023-21416 [HIGH] CWE-35 CVE-2023-21416: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay. Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-p
nvd
CVE-2023-21415HIGHCVSS 8.1fixed in 10.12.2062023-10-16
CVE-2023-21415 [MEDIUM] CWE-35 CVE-2023-21415: Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted f
nvd