Axis: Security Vulnerabilities
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-16
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for
arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for
SQL injections.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
A broken access control was found allowing for privileged escalation of the operator account to gain
administrator privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-08-03
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials
that are used in the integration interface towards 3rd party systems.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-08-03
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator
credentials allowing the configuration of the application.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-08-03
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for
arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP communication allowing to write outside of the allocated buffer. By
appending invalid data to an OSDP message it was possible to write data beyond the heap
allocated buffer. The data written outside the buffer could be used to execute arbitrary code.
lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod process, causing a temporary unavailability of the door-controlling functionalities
meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted
as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-25
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-08