cvelistv5 - cve-2023-21415

CVE-2023-21415 (GCVE-0-2023-21415)

Vulnerability from cvelistv5 – Published: 2023-10-16 06:24 – Updated: 2024-11-08 08:33

Summary

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-35 - Path Traversal

Assigner

Axis

References

URL

Tags

https://www.axis.com/dam/public/b6/55/e2/cve-2023…

Impacted products

	Vendor	Product	Version
	Axis Communications AB	AXIS OS	Affected: AXIS OS 6.50 – 11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:36:34.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21415",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T19:55:38.666787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T19:55:47.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "status": "affected",
              "version": "AXIS OS 6.50 \u2013 11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \u003cbr\u003e"
            }
          ],
          "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35: Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T08:33:59.027Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2023-21415",
    "datePublished": "2023-10-16T06:24:13.381Z",
    "dateReserved": "2022-11-04T18:30:01.767Z",
    "dateUpdated": "2024-11-08T08:33:59.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"6.50.5.3\", \"versionEndExcluding\": \"6.50.5.14\", \"matchCriteriaId\": \"F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*\", \"versionStartIncluding\": \"11.0.81\", \"versionEndExcluding\": \"11.6.94\", \"matchCriteriaId\": \"09CFB55B-2098-478D-A6AE-A200F2EC42BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"6.50.2\", \"versionEndExcluding\": \"6.50.5.2\", \"matchCriteriaId\": \"0E3843E2-4943-440F-99E9-8026C9818596\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"8.40.35\", \"matchCriteriaId\": \"A714346C-6398-46ED-81F0-5546B00A2DEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"9.80.47\", \"matchCriteriaId\": \"8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"10.12.206\", \"matchCriteriaId\": \"4E686725-735A-47FC-87F1-A1899A916315\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\"}, {\"lang\": \"es\", \"value\": \"Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\\u00f3 que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminaci\\u00f3n de archivos. Esta falla solo puede explotarse despu\\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\\u00e1s informaci\\u00f3n y soluciones.\"}]",
      "id": "CVE-2023-21415",
      "lastModified": "2024-11-21T07:42:49.053",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}]}",
      "published": "2023-10-16T07:15:08.760",
      "references": "[{\"url\": \"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\", \"source\": \"product-security@axis.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@axis.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-35\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21415\",\"sourceIdentifier\":\"product-security@axis.com\",\"published\":\"2023-10-16T07:15:08.760\",\"lastModified\":\"2024-11-21T07:42:49.053\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\"},{\"lang\":\"es\",\"value\":\"Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-35\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.50.5.3\",\"versionEndExcluding\":\"6.50.5.14\",\"matchCriteriaId\":\"F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*\",\"versionStartIncluding\":\"11.0.81\",\"versionEndExcluding\":\"11.6.94\",\"matchCriteriaId\":\"09CFB55B-2098-478D-A6AE-A200F2EC42BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"6.50.2\",\"versionEndExcluding\":\"6.50.5.2\",\"matchCriteriaId\":\"0E3843E2-4943-440F-99E9-8026C9818596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"8.40.35\",\"matchCriteriaId\":\"A714346C-6398-46ED-81F0-5546B00A2DEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"9.80.47\",\"matchCriteriaId\":\"8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"10.12.206\",\"matchCriteriaId\":\"4E686725-735A-47FC-87F1-A1899A916315\"}]}]}],\"references\":[{\"url\":\"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\",\"source\":\"product-security@axis.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:36:34.475Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21415\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T19:55:38.666787Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T19:55:43.470Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Axis Communications AB\", \"product\": \"AXIS OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"AXIS OS 6.50 \\u2013 11.5\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-35\", \"description\": \"CWE-35: Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"shortName\": \"Axis\", \"dateUpdated\": \"2024-11-08T08:33:59.027Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21415\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T08:33:59.027Z\", \"dateReserved\": \"2022-11-04T18:30:01.767Z\", \"assignerOrgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"datePublished\": \"2023-10-16T06:24:13.381Z\", \"assignerShortName\": \"Axis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-FP27-QFPM-95W8

Vulnerability from github – Published: 2023-10-16 09:30 – Updated: 2024-04-04 08:39

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-16T07:15:08Z",
    "severity": "HIGH"
  },
  "details": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n",
  "id": "GHSA-fp27-qfpm-95w8",
  "modified": "2024-04-04T08:39:25Z",
  "published": "2023-10-16T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21415"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/58/0b/36/cve-2023-21415pdf-en-US-412759.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0849

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans AXIS OS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS OS versions antérieures à 11.6.94
Axis	N/A	AXIS OS (anciennement LTS) versions antérieures à 6.50.14 (pour les produits qui sont encore supportés)
Axis	N/A	AXIS OS LTS 2022 versions antérieures à 10.12.206
Axis	N/A	AXIS OS LTS 2020 versions antérieures à 8.40.35
Axis	N/A	AXIS OS LTS 2020 versions antérieures à 9.80.47

References

Title

Publication Time

Tags

Bulletin de sécurité Axis cve-2023-21413 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21414 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21415 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis CVE-2023-21415 du 16 octobre 2023	-	other
Bulletin de sécurité Axis CVE-2023-21413 du 16 octobre 2023	-	other
Bulletin de sécurité Axis CVE-2023-21414 du 16 octobre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS OS versions ant\u00e9rieures \u00e0 11.6.94",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS (anciennement LTS) versions ant\u00e9rieures \u00e0 6.50.14 (pour les produits qui sont encore support\u00e9s)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2022 versions ant\u00e9rieures \u00e0 10.12.206",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2020 versions ant\u00e9rieures \u00e0 8.40.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2020 versions ant\u00e9rieures \u00e0 9.80.47",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21415"
    },
    {
      "name": "CVE-2023-21414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21414"
    },
    {
      "name": "CVE-2023-21413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21413"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21415 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/58/0b/36/cve-2023-21415pdf-en-US-412759.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21413 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21414 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
    }
  ],
  "reference": "CERTFR-2023-AVI-0849",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans AXIS OS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans AXIS OS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21413 du 16 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21414 du 16 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21415 du 16 octobre 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0849

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS OS versions antérieures à 11.6.94
Axis	N/A	AXIS OS (anciennement LTS) versions antérieures à 6.50.14 (pour les produits qui sont encore supportés)
Axis	N/A	AXIS OS LTS 2022 versions antérieures à 10.12.206
Axis	N/A	AXIS OS LTS 2020 versions antérieures à 8.40.35
Axis	N/A	AXIS OS LTS 2020 versions antérieures à 9.80.47

References

Title

Publication Time

Tags

Bulletin de sécurité Axis cve-2023-21413 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21414 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21415 du 16 octobre 2023	None	vendor-advisory
Bulletin de sécurité Axis CVE-2023-21415 du 16 octobre 2023	-	other
Bulletin de sécurité Axis CVE-2023-21413 du 16 octobre 2023	-	other
Bulletin de sécurité Axis CVE-2023-21414 du 16 octobre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS OS versions ant\u00e9rieures \u00e0 11.6.94",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS (anciennement LTS) versions ant\u00e9rieures \u00e0 6.50.14 (pour les produits qui sont encore support\u00e9s)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2022 versions ant\u00e9rieures \u00e0 10.12.206",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2020 versions ant\u00e9rieures \u00e0 8.40.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS LTS 2020 versions ant\u00e9rieures \u00e0 9.80.47",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21415"
    },
    {
      "name": "CVE-2023-21414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21414"
    },
    {
      "name": "CVE-2023-21413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21413"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21415 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/58/0b/36/cve-2023-21415pdf-en-US-412759.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21413 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21414 du 16 octobre 2023",
      "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
    }
  ],
  "reference": "CERTFR-2023-AVI-0849",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans AXIS OS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans AXIS OS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21413 du 16 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21414 du 16 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21415 du 16 octobre 2023",
      "url": null
    }
  ]
}

FKIE_CVE-2023-21415

Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 07:42

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	product-security@axis.com	https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
axis	axis_os	*
axis	axis_os	*
axis	axis_os_2016	*
axis	axis_os_2018	*
axis	axis_os_2020	*
axis	axis_os_2022	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA",
              "versionEndExcluding": "6.50.5.14",
              "versionStartIncluding": "6.50.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
              "matchCriteriaId": "09CFB55B-2098-478D-A6AE-A200F2EC42BC",
              "versionEndExcluding": "11.6.94",
              "versionStartIncluding": "11.0.81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "0E3843E2-4943-440F-99E9-8026C9818596",
              "versionEndExcluding": "6.50.5.2",
              "versionStartIncluding": "6.50.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "A714346C-6398-46ED-81F0-5546B00A2DEB",
              "versionEndExcluding": "8.40.35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC",
              "versionEndExcluding": "9.80.47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4E686725-735A-47FC-87F1-A1899A916315",
              "versionEndExcluding": "10.12.206",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
    },
    {
      "lang": "es",
      "value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
    }
  ],
  "id": "CVE-2023-21415",
  "lastModified": "2024-11-21T07:42:49.053",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "product-security@axis.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-16T07:15:08.760",
  "references": [
    {
      "source": "product-security@axis.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
    }
  ],
  "sourceIdentifier": "product-security@axis.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-35"
        }
      ],
      "source": "product-security@axis.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-21415

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-21415

Aliases

CVE-2023-21415

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21415",
    "id": "GSD-2023-21415"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21415"
      ],
      "details": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n",
      "id": "GSD-2023-21415",
      "modified": "2023-12-13T01:20:25.465377Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@axis.com",
        "ID": "CVE-2023-21415",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AXIS OS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "AXIS OS 6.50 \u2013 11.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Axis Communications AB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf",
            "refsource": "MISC",
            "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.206",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.40.35",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.80.47",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.50.5.14",
                "versionStartIncluding": "6.50.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6.94",
                "versionStartIncluding": "11.0.81",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.50.5.2",
                "versionStartIncluding": "6.50.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@axis.com",
          "ID": "CVE-2023-21415"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-10-19T20:19Z",
      "publishedDate": "2023-10-16T07:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21415 (GCVE-0-2023-21415)

GHSA-FP27-QFPM-95W8

CERTFR-2023-AVI-0849

Solution

CERTFR-2023-AVI-0849

Solution

FKIE_CVE-2023-21415

GSD-2023-21415

Tags

Sightings

Nomenclature