Audit Log Tampering and DoS Vulnerability in AXIS Camera Station
CVE-2024-7696

6.3MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Camera Station Pro
Vendor: CVE Published:; 7 January 2025

Summary

A vulnerability has been identified in AXIS Camera Station, where an authenticated attacker can manipulate audit log creation. This could lead not only to the alteration of important audit logs but also to the potential execution of Denial-of-Service attacks on the server. By crafting malicious audit log entries, the attacker can disrupt the normal functioning of the AXIS Camera Station server. Axis Communications has already released a patch to mitigate this issue. For further details, please consult the Axis security advisory linked below.

Affected Version(s)

AXIS Camera Station Pro <6.5

References

https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Aug 12, 2024