CVE-2024-8160
CVSS V2 None
CVSS V3 None
Description
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account.
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Overview
- CVE ID
- CVE-2024-8160
- Assigner
- Axis
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-26T07:27:32.229Z
- Last Modified Date
- 2024-11-26T14:09:25.517Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8160 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8160 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-27 13:08:24 | Added to TrackCVE |