AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
References
Link | Resource |
---|---|
https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Axis
Published: 2022-02-14T21:04:28
Updated: 2022-03-09T14:54:30
Reserved: 2022-01-18T00:00:00
Link: CVE-2022-23410
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-14T22:15:08.147
Modified: 2022-05-11T14:23:54.003
Link: CVE-2022-23410
JSON object: View
Redhat Information
No data.
CWE