CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5677

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.1%

CVSS Severity

CVSS v3 Score 6.3

References

Products affected by CVE-2023-5677

Axis » M3024-Lve » Version: N/A

cpe:2.3:h:axis:m3024-lve:-
Axis » M3025-Ve » Version: N/A

cpe:2.3:h:axis:m3025-ve:-
Axis » M7014 » Version: N/A

cpe:2.3:h:axis:m7014:-
Axis » M7016 » Version: N/A

cpe:2.3:h:axis:m7016:-
Axis » P1214-E » Version: N/A

cpe:2.3:h:axis:p1214-e:-
Axis » P7214 » Version: N/A

cpe:2.3:h:axis:p7214:-
Axis » P7216 » Version: N/A

cpe:2.3:h:axis:p7216:-
Axis » Q7401 » Version: N/A

cpe:2.3:h:axis:q7401:-
Axis » Q7404 » Version: N/A

cpe:2.3:h:axis:q7404:-
Axis » Q7414 » Version: N/A

cpe:2.3:h:axis:q7414:-
Axis » Q7424-R Mk Ii » Version: N/A

cpe:2.3:h:axis:q7424-r_mk_ii:-
Axis » M3024-Lve Firmware » Version: 5.51.5

cpe:2.3:o:axis:m3024-lve_firmware:5.51.5
Axis » M3025-Ve Firmware » Version: 5.51.5

cpe:2.3:o:axis:m3025-ve_firmware:5.51.5
Axis » M7014 Firmware » Version: 5.51.5

cpe:2.3:o:axis:m7014_firmware:5.51.5
Axis » M7016 Firmware » Version: 5.51.5

cpe:2.3:o:axis:m7016_firmware:5.51.5
Axis » P1214-E Firmware » Version: 5.51.5

cpe:2.3:o:axis:p1214-e_firmware:5.51.5
Axis » P7214 Firmware » Version: 5.51.5

cpe:2.3:o:axis:p7214_firmware:5.51.5
Axis » P7216 Firmware » Version: 5.51.5

cpe:2.3:o:axis:p7216_firmware:5.51.5
Axis » Q7401 Firmware » Version: 5.51.5

cpe:2.3:o:axis:q7401_firmware:5.51.5
Axis » Q7404 Firmware » Version: 5.51.5

cpe:2.3:o:axis:q7404_firmware:5.51.5
Axis » Q7414 Firmware » Version: Any

cpe:2.3:o:axis:q7414_firmware:*
Axis » Q7424-R Mk Ii Firmware » Version: 5.51.3.5

cpe:2.3:o:axis:q7424-r_mk_ii_firmware:5.51.3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5677

Products

Pricing

Contact Us