Brandon
Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi
did not have a sufficient input validation allowing for a possible remote code
execution. This flaw can only be exploited after authenticating with an
operator- or administrator-privileged service account. The impact of exploiting
this vulnerability is lower with operator-privileges compared to
administrator-privileges service accounts. Axis has released patched AXIS OS
versions for the highlighted flaw. Please refer to the Axis security advisory
for more information and solution.
References
Link | Resource |
---|---|
https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf | Vendor Advisory |
https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
21 Nov 2024, 08:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
08 Nov 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
Summary | (en) Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. |
13 Feb 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
First Time |
Axis m3025-ve
Axis p7216 Axis p1214-e Firmware Axis m7016 Firmware Axis m3025-ve Firmware Axis p7214 Firmware Axis m3024-lve Firmware Axis q7401 Axis p1214-e Axis q7404 Firmware Axis q7404 Axis m7014 Firmware Axis Axis q7414 Firmware Axis p7216 Firmware Axis m3024-lve Axis q7401 Firmware Axis q7424-r Mk Ii Axis q7424-r Mk Ii Firmware Axis m7016 Axis q7414 Axis m7014 Axis p7214 |
|
References | () https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:axis:q7404_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:p7216:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m3025-ve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m7016:-:*:*:*:*:*:*:* cpe:2.3:o:axis:m3024-lve_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:axis:p1214-e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:q7404:-:*:*:*:*:*:*:* cpe:2.3:o:axis:m7014_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:m7014:-:*:*:*:*:*:*:* cpe:2.3:o:axis:m7016_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:m3024-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q7401:-:*:*:*:*:*:*:* cpe:2.3:o:axis:m3025-ve_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:axis:q7424-r_mk_ii_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:axis:q7401_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:q7424-r_mk_ii:-:*:*:*:*:*:*:* cpe:2.3:o:axis:q7414_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:axis:p7214_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:axis:p7216_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:axis:q7414:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p7214:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1214-e:-:*:*:*:*:*:*:* |
05 Feb 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 06:15
Updated : 2024-11-21 08:42
NVD link : CVE-2023-5677
Mitre link : CVE-2023-5677
CVE.ORG link : CVE-2023-5677
JSON object : View
Products Affected
axis
- q7424-r_mk_ii
- p7216_firmware
- p1214-e_firmware
- q7401
- m7016_firmware
- m7014_firmware
- m3025-ve
- p7216
- p7214
- q7404_firmware
- q7424-r_mk_ii_firmware
- p7214_firmware
- q7404
- p1214-e
- q7414_firmware
- m7016
- q7414
- m3024-lve_firmware
- m3024-lve
- m7014
- q7401_firmware
- m3025-ve_firmware