{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47262", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2024-09-23T16:37:50.256Z", "datePublished": "2025-03-04T05:19:09.007Z", "dateUpdated": "2025-03-28T07:11:08.168Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS OS", "vendor": "Axis Communications AB", "versions": [{"lessThan": "6.50.5.19", "status": "affected", "version": "6.50.0", "versionType": "semver"}, {"lessThan": "8.40.66", "status": "affected", "version": "7.0.0", "versionType": "semver"}, {"lessThan": "9.80.90", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThan": "10.12.270", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThan": "11.11.127", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThan": "12.3.4", "status": "affected", "version": "12.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\n\n\n\n<br>"}], "value": "Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-03-28T07:11:08.168Z"}, "references": [{"url": "https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:25:28.866591Z", "id": "CVE-2024-47262", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T16:08:43.647Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T15:25:28.866591Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:25:44.554Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "6.50.0", "lessThan": "6.50.5.19", "versionType": "semver"}, {"status": "affected", "version": "7.0.0", "lessThan": "8.40.66", "versionType": "semver"}, {"status": "affected", "version": "9.0.0", "lessThan": "9.80.90", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThan": "10.12.270", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThan": "11.11.127", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThan": "12.3.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", "supportingMedia": [{"type": "text/html", "value": "Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-03-28T07:11:08.168Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47262", "state": "PUBLISHED", "dateUpdated": "2025-03-28T07:11:08.168Z", "dateReserved": "2024-09-23T16:37:50.256Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2025-03-04T05:19:09.007Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "AXIS OS", "vendor": "Axis Communications AB", "versions": [{"lessThan": "6.50.5.19", "status": "affected", "version": "6.50.0", "versionType": "semver"}, {"lessThan": "8.40.66", "status": "affected", "version": "7.0.0", "versionType": "semver"}, {"lessThan": "9.80.90", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThan": "10.12.270", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThan": "11.11.127", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThan": "12.3.4", "status": "affected", "version": "12.0.0", "versionType": "semver"}]}], "source": "product-security@axis.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Dzmitry Lukyanenka, miembro del programa Bug Bounty de AXIS OS, ha descubierto que el param.cgi de la API de VAPIX era vulnerable a un ataque de condici\u00f3n de ejecuci\u00f3n que permit\u00eda a un atacante bloquear el acceso a la interfaz web del dispositivo de Axis. Otros endpoints o servicios de la API que no utilizan param.cgi no se ven afectados. Axis ha publicado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "id": "CVE-2024-47262", "lastModified": "2026-06-17T07:56:48.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "product-security@axis.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-47262", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-03-04T15:25:28.866591Z", "version": "2.0.3"}}]}, "published": "2025-03-04T06:15:29.867", "references": [{"source": "product-security@axis.com", "url": "https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}

{}