CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:axis:axis_os:::::-:::*
	cpe:2.3:o:axis:axis_os:::::active:::*
	cpe:2.3:o:axis:axis_os_2016:::::lts:::*
	cpe:2.3:o:axis:axis_os_2018:::::lts:::*
	cpe:2.3:o:axis:axis_os_2020:::::lts:::*
	cpe:2.3:o:axis:axis_os_2022:::::lts:::*

History

08 Nov 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-16 07:15

Updated : 2024-11-08 09:15

NVD link : CVE-2023-21415

Mitre link : CVE-2023-21415

CVE.ORG link : CVE-2023-21415

JSON object : View

Products Affected

axis

axis_os_2016
axis_os
axis_os_2018
axis_os_2020
axis_os_2022

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-35

Path Traversal: '.../...//'

{"id": "CVE-2023-21415", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-10-16T07:15:08.760", "references": [{"url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf", "tags": ["Vendor Advisory"], "source": "product-security@axis.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "product-security@axis.com", "description": [{"lang": "en", "value": "CWE-35"}]}], "descriptions": [{"lang": "en", "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "lastModified": "2024-11-08T09:15:05.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA", "versionEndExcluding": "6.50.5.14", "versionStartIncluding": "6.50.5.3"}, {"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "vulnerable": true, "matchCriteriaId": "09CFB55B-2098-478D-A6AE-A200F2EC42BC", "versionEndExcluding": "11.6.94", "versionStartIncluding": "11.0.81"}, {"criteria": "cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3843E2-4943-440F-99E9-8026C9818596", "versionEndExcluding": "6.50.5.2", "versionStartIncluding": "6.50.2"}, {"criteria": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "A714346C-6398-46ED-81F0-5546B00A2DEB", "versionEndExcluding": "8.40.35"}, {"criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC", "versionEndExcluding": "9.80.47"}, {"criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "4E686725-735A-47FC-87F1-A1899A916315", "versionEndExcluding": "10.12.206"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}