FKIE_CVE-2024-47261

Vulnerability from fkie_nvd - Published: 2025-04-08 06:15 - Updated: 2025-04-08 18:13
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.
References
product-security@axis.comhttps://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device."
    },
    {
      "lang": "es",
      "value": "51l3nc3, miembro del programa de recompensas por errores de AXIS OS, descubri\u00f3 que la API de VAPIX uploadoverlayimage.cgi no ten\u00eda suficiente validaci\u00f3n de entrada para permitir que un atacante cargara archivos para bloquear el acceso para crear superposiciones de im\u00e1genes en la interfaz web del dispositivo Axis."
    }
  ],
  "id": "CVE-2024-47261",
  "lastModified": "2025-04-08T18:13:53.347",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "product-security@axis.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-08T06:15:43.053",
  "references": [
    {
      "source": "product-security@axis.com",
      "url": "https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf"
    }
  ],
  "sourceIdentifier": "product-security@axis.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1287"
        }
      ],
      "source": "product-security@axis.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.