Path Traversal in Axis Axis_os
CVE-2023-21418
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operato…
EPSS: 0.007 (47.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.
Affected products
- Axis Axis_os
- Axis Axis_os_2018
- Axis Axis_os_2020
- Axis Axis_os_2022
- Axis Communications Ab Os — versions AXIS OS 6.50 – 11.6
Weakness classification (CWE)
References
- product-security@axis.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-21418?
- CVE-2023-21418 is a high-severity vulnerability in Axis Axis_os, classified under Path Traversal: '.../...//'. CVSS score: 7.1/10. Published 2023-11-21.
- How severe is CVE-2023-21418?
- High severity. CVSS v3 base score is 7.1 out of 10.