Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
Link | Resource |
---|---|
https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Axis
Published: 2023-10-16T06:24:13.381Z
Updated: 2023-10-19T12:57:13.429Z
Reserved: 2022-11-04T18:30:01.767Z
Link: CVE-2023-21415
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-16T07:15:08.760
Modified: 2023-10-19T20:19:06.067
Link: CVE-2023-21415
JSON object: View
Redhat Information
No data.
CWE