Path Traversal in Axis Axis_os

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operato…

EPSS: 0.007 (47.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-21418?
CVE-2023-21418 is a high-severity vulnerability in Axis Axis_os, classified under Path Traversal: '.../...//'. CVSS score: 7.1/10. Published 2023-11-21.
How severe is CVE-2023-21418?
High severity. CVSS v3 base score is 7.1 out of 10.