CVE-2023-5800 in AXIS
Sumário
de MITRE • 05/02/2024
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.