Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Published

2023-10-16T07:15:08.503

Last Modified

2024-11-21T07:42:48.777

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	axis	axis_os	< 10.12.199	Yes
Operating System	axis	axis_os	< 11.6.94	Yes

References

https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf Vendor Advisory ([email protected])
https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)