Description
Sandro Poppi, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 10.12.0 (inclusive) to 11.9.53 (exclusive)
Version up to 10.12.228 (exclusive)
One of
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*
EPSS
Percentile: 41%
0.00194
Low
6.5 Medium
CVSS3
Weaknesses
CWE-155
Related vulnerabilities
CVSS3: 6.5
github
almost 2 years ago
Sandro Poppi, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.