Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-5452

Опубликовано: 11 нояб. 2025
Источник: nvd
CVSS3: 6.6
EPSS Низкий

Описание

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия от 12.0.0 (включая) до 12.6.69 (исключая)

Одно из

cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1214:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1710-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1810-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1110-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1210-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1211-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1310-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1410_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1510:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1511:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1610-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1710:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1720:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c6110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8210:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d1110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d201-s_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2110-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2210-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d3110_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4100-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4200-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d6310:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xf_q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-bt:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa54:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-safety:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7020:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8016-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8116-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8307-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1055-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1075-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2035-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2036-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3057-plr_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3085-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3088-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3125-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3126-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3128-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3905-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4225-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4227-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4228-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4308-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5526-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7104:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7116:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1245_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1265_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1275_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1475-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3735-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3737-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3738-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3747-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3748-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3818-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3905-r_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-lre:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3935-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4708-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5655-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5676-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7304:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7316:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p9117-pv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615-le_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1686-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1715:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1798-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1805-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1806-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1808-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1809-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-xte:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1971-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1972-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2112-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3546-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3548-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3556-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3558-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3819-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-spve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q4809-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6020-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-s:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-se:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6078-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6135-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6225-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6300-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6315-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6318-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6355-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6358-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8615-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q9307-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3016:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s4000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5925:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5938:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w100:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w101:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w102:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w120:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w401:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xc1311:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xf40-q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xpq1785:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%
0.00059
Низкий

6.6 Medium

CVSS3

Дефекты

CWE-214

Связанные уязвимости

github логотип

GHSA-5ww9-v6r8-v66v

CVSS3: 6.6
github
3 месяца назад

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

EPSS

Процентиль: 19%
0.00059
Низкий

6.6 Medium

CVSS3

Дефекты

CWE-214