CVE-2023-5800 in AXISИнформация

Сводка

по MITRE • 05.02.2024

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Ответственный

Axis Communications AB

Резервировать

26.10.2023

Раскрытие

05.02.2024

Модерация

принято

Вход

VDB-252805

EPSS

0.00684

KEV

Нет

Деятельности

Очень низкий

Источники

Interested in the pricing of exploits?

See the underground prices here!