CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score Confidence: High

EPSS Percentile: 21.8%

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi
did not have sufficient input validation, allowing for possible remote code
execution. This flaw can only be exploited after authenticating with an
operator- or administrator-privileged service account. The impact of exploiting
this vulnerability is lower with operator-privileged service accounts than with
administrator-privileged ones. Axis has released patched AXIS OS
versions for the highlighted flaw. Please refer to the Axis security advisory
for more information and the solution.

Vendor | Product | Version | CPE |
---|---|---|---|
axis | m3024-lve | - | cpe:2.3:h:axis:m3024-lve:-:*:*:*:*:*:*:* |
axis | m3024-lve_firmware | * | cpe:2.3:o:axis:m3024-lve_firmware:*:*:*:*:*:*:*:* |
axis | m3025-ve | - | cpe:2.3:h:axis:m3025-ve:-:*:*:*:*:*:*:* |
axis | m3025-ve_firmware | * | cpe:2.3:o:axis:m3025-ve_firmware:*:*:*:*:*:*:*:* |
axis | m7014 | - | cpe:2.3:h:axis:m7014:-:*:*:*:*:*:*:* |
axis | m7014_firmware | * | cpe:2.3:o:axis:m7014_firmware:*:*:*:*:*:*:*:* |
axis | m7016 | - | cpe:2.3:h:axis:m7016:-:*:*:*:*:*:*:* |
axis | m7016_firmware | * | cpe:2.3:o:axis:m7016_firmware:*:*:*:*:*:*:*:* |
axis | p1214-e | - | cpe:2.3:h:axis:p1214-e:-:*:*:*:*:*:*:* |
axis | p1214-e_firmware | * | cpe:2.3:o:axis:p1214-e_firmware:*:*:*:*:*:*:*:* |