Path Traversal Vulnerability in Axis Communications' VAPIX API
CVE-2023-21415

8.1HIGH

Key Information:

Vendor

Axis Communications Ab

Status
Axis Os
Vendor
CVE Published:
16 October 2023

What is CVE-2023-21415?

A security vulnerability has been identified in the VAPIX API's overlay_del.cgi within AXIS OS. This flaw allows authenticated users with operator or administrator privileges to execute a path traversal attack, leading to potential file deletion. It is vital for users to update their AXIS OS installations to the latest patched version to mitigate any security risks associated with this vulnerability. For further details and remediation steps, please refer to the Axis security advisory.

Affected Version(s)

AXIS OS AXIS OS 6.50 – 11.5

References

https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pd...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.