Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Axis
Published: 2023-10-16T06:24:13.381Z
Updated: 2024-09-16T19:55:47.712Z
Reserved: 2022-11-04T18:30:01.767Z
Link: CVE-2023-21415
Vulnrichment
Updated: 2024-08-02T09:36:34.475Z
NVD
Status : Analyzed
Published: 2023-10-16T07:15:08.760
Modified: 2023-10-19T20:19:06.067
Link: CVE-2023-21415
Redhat
No data.