exploitDog

CVE-2023-5800

Published: 05 Feb 2024
Source: nvd
CVSS3: 5.4
CVSS3: 8.8
EPSS: Low

Description

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Vulnerable configurations

Configuration 1
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Version up to 11.8.61 (excluding)
Configuration 2

One of

cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*
Version up to 9.80.55 (excluding)
cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*
Version up to 10.12.220 (excluding)

EPSS

Percentile: 39%
0.00173
Low

5.4 Medium

CVSS3

8.8 High

CVSS3

Weaknesses

CWE-35
CWE-94

Related vulnerabilities

CVSS3: 5.4
github
about 2 years ago

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
