CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.8%

CVSS Severity

CVSS v3 Score 6.3

References

Products affected by CVE-2023-5677

Axis » M3024-Lve » Version: N/A

cpe:2.3:h:axis:m3024-lve:-
Axis » M3025-Ve » Version: N/A

cpe:2.3:h:axis:m3025-ve:-
Axis » M7014 » Version: N/A

cpe:2.3:h:axis:m7014:-
Axis » M7016 » Version: N/A

cpe:2.3:h:axis:m7016:-
Axis » P1214-E » Version: N/A

cpe:2.3:h:axis:p1214-e:-
Axis » P7214 » Version: N/A

cpe:2.3:h:axis:p7214:-
Axis » P7216 » Version: N/A

cpe:2.3:h:axis:p7216:-
Axis » Q7401 » Version: N/A

cpe:2.3:h:axis:q7401:-
Axis » Q7404 » Version: N/A

cpe:2.3:h:axis:q7404:-
Axis » Q7414 » Version: N/A

cpe:2.3:h:axis:q7414:-
Axis » Q7424-R Mk Ii » Version: N/A

cpe:2.3:h:axis:q7424-r_mk_ii:-
Axis » M3024-Lve Firmware » Version: 5.51.5

cpe:2.3:o:axis:m3024-lve_firmware:5.51.5
Axis » M3025-Ve Firmware » Version: 5.51.5

cpe:2.3:o:axis:m3025-ve_firmware:5.51.5
Axis » M7014 Firmware » Version: 5.51.5

cpe:2.3:o:axis:m7014_firmware:5.51.5
Axis » M7016 Firmware » Version: 5.51.5

cpe:2.3:o:axis:m7016_firmware:5.51.5
Axis » P1214-E Firmware » Version: 5.51.5

cpe:2.3:o:axis:p1214-e_firmware:5.51.5
Axis » P7214 Firmware » Version: 5.51.5

cpe:2.3:o:axis:p7214_firmware:5.51.5
Axis » P7216 Firmware » Version: 5.51.5

cpe:2.3:o:axis:p7216_firmware:5.51.5
Axis » Q7401 Firmware » Version: 5.51.5

cpe:2.3:o:axis:q7401_firmware:5.51.5
Axis » Q7404 Firmware » Version: 5.51.5

cpe:2.3:o:axis:q7404_firmware:5.51.5
Axis » Q7414 Firmware » Version: Any

cpe:2.3:o:axis:q7414_firmware:*
Axis » Q7424-R Mk Ii Firmware » Version: 5.51.3.5

cpe:2.3:o:axis:q7424-r_mk_ii_firmware:5.51.3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5677

Products

Pricing

Contact Us