{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6979", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2024-07-22T11:34:26.029Z", "datePublished": "2024-09-10T05:07:42.554Z", "dateUpdated": "2024-11-08T08:44:18.943Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS OS", "vendor": "Axis Communications AB", "versions": [{"status": "affected", "version": "11.11"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\n\n<br>"}], "value": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2024-11-08T08:44:18.943Z"}, "references": [{"url": "https://www.axis.com/dam/public/c3/44/5b/cve-2024-6979-en-US-448997.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "axis", "product": "axis_os", "cpes": ["cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.11", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T18:16:30.463718Z", "id": "CVE-2024-6979", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T18:26:23.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6979", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T18:16:30.463718Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*"], "vendor": "axis", "product": "axis_os", "versions": [{"status": "affected", "version": "11.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T18:26:14.924Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "11.11"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/c3/44/5b/cve-2024-6979-en-US-448997.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", "supportingMedia": [{"type": "text/html", "value": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2024-11-08T08:44:18.943Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6979", "state": "PUBLISHED", "dateUpdated": "2024-11-08T08:44:18.943Z", "dateReserved": "2024-07-22T11:34:26.029Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2024-09-10T05:07:42.554Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. \nAxis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Amin Aliakbari, miembro del programa Bug Bounty de AXIS OS, ha descubierto un control de acceso defectuoso que podr\u00eda provocar que las cuentas de operador y/o espectador con menos privilegios tuvieran m\u00e1s privilegios de los previstos. El riesgo de explotaci\u00f3n es muy bajo, ya que requiere pasos complejos para su ejecuci\u00f3n, incluido el conocimiento de las contrase\u00f1as de las cuentas y ataques de ingenier\u00eda social para enga\u00f1ar al administrador para que realice configuraciones espec\u00edficas en cuentas con privilegios de operador y/o espectador. Axis ha publicado una versi\u00f3n parcheada de AXIS OS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "id": "CVE-2024-6979", "lastModified": "2024-11-08T09:15:07.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "product-security@axis.com", "type": "Secondary"}]}, "published": "2024-09-10T06:15:01.990", "references": [{"source": "product-security@axis.com", "url": "https://www.axis.com/dam/public/c3/44/5b/cve-2024-6979-en-US-448997.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}