CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:axis:axis_os:::::active:::*
	cpe:2.3:o:axis:axis_os_2020:::::lts:::*
	cpe:2.3:o:axis:axis_os_2022:::::lts:::*

History

28 Nov 2023, 21:35

Type	Values Removed	Values Added
CWE		CWE-22
References	~~() https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf -~~	() https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
First Time		Axis axis Os 2022 Axis Axis axis Os 2020 Axis axis Os
CPE		cpe:2.3:o:axis:axis_os:::::active:::* cpe:2.3:o:axis:axis_os_2022:::::lts:::* cpe:2.3:o:axis:axis_os_2020:::::lts:::*

21 Nov 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-21 07:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-21417

Mitre link : CVE-2023-21417

CVE.ORG link : CVE-2023-21417

JSON object : View

Products Affected

axis

axis_os_2020
axis_os_2022
axis_os

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-21417", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2023-11-21T07:15:09.283", "references": [{"url": "https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf", "tags": ["Vendor Advisory"], "source": "product-security@axis.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program,\n\nhas found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges.\n Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n\n\n\n"}, {"lang": "es", "value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX enableoverlayimage.cgi era vulnerable a ataques de path traversal que permiten la eliminaci\u00f3n de archivos/carpetas. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con las cuentas de servicio del operador y se limita a archivos que no pertenecen al sistema en comparaci\u00f3n con los privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "lastModified": "2023-11-28T21:35:41.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DE1198-6B4E-41BF-A97F-0EBD1B575D21", "versionEndExcluding": "11.7.57"}, {"criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E20A1DAB-0D5B-4952-B4C0-A6A5808C49FD", "versionEndExcluding": "9.80.49"}, {"criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC5A60B-0BD7-4ABC-8AA6-F1C8ED964EB2", "versionEndExcluding": "10.12.208"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}