CVE-2023-5677

Published Feb 5, 2024

Last updated 9 days ago

CVSS high 8.8

Overview

Description: Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Source: product-security@axis.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-94
product-security@axis.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m3024-lve:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51A676F7-81A2-470F-B5AE-0684596CD13F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m3024-lve_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CD58564-8A6D-4A4A-94BC-1163A7512951",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m3025-ve:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB751571-D477-4D70-90DE-7B956A752072"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m3025-ve_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19DB8F9A-73CB-48EE-B493-0C89BE2338FE",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m7014:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "37A5B7B4-9C9B-48A7-8EF6-B511BEA39456"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m7014_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "096D5F50-DFCB-436F-B17F-59DAB4CCDB11",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:m7016:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36508E54-ED34-4706-AF59-49ACBB21B60A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:m7016_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55063889-8669-4EEA-AAFD-AC8C37F61A99",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p1214-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0562D86-35D8-42A2-9784-BEF72209C2A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p1214-e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7535314-78B5-403A-BC93-FBBDB769821C",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p7214:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F038A16-4542-4249-A06E-80E5456C70BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p7214_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "722C5352-15D9-48DD-B64A-B8EC10DA15EC",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:p7216:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "056BA315-23A3-431A-9F7B-A1758808DB6E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:p7216_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC60D72C-6B09-4629-A28B-D0F4248F81C0",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:q7401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B802948-6660-49AC-BBA9-7441A525D60C",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:q7401:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "15FBB812-E5B2-4152-AA6C-64138094FF90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:q7404_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "087E2F65-B69A-42DA-A354-EAE4D83EDB6D",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:q7404:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6021F9F-3109-4D52-9C41-478AC758DBFC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:q7414_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF8E6DBA-575D-4DC7-847D-4E626617A199",
            "versionEndExcluding": "5.51.7.7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:q7414:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5592008-9957-49AD-975A-C1F6F77817AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:axis:q7424-r_mk_ii_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75C0A14B-E3E8-4942-B87C-D71158B87905",
            "versionEndExcluding": "5.51.3.9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:axis:q7424-r_mk_ii:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6093F4BD-5C7E-4EE9-BA75-76FDA3D245FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References