CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:axis:axis_os:::::-:::*
	cpe:2.3:o:axis:axis_os:::::active:::*
	cpe:2.3:o:axis:axis_os_2018:::::lts:::*
	cpe:2.3:o:axis:axis_os_2020:::::lts:::*
	cpe:2.3:o:axis:axis_os_2022:::::lts:::*

History

28 Nov 2023, 21:34

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
First Time		Axis Axis axis Os 2020 Axis axis Os Axis axis Os 2022 Axis axis Os 2018
References	~~() https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf -~~	() https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf - Vendor Advisory
CPE		cpe:2.3:o:axis:axis_os_2018:::::lts:::* cpe:2.3:o:axis:axis_os:::::active:::* cpe:2.3:o:axis:axis_os_2022:::::lts:::* cpe:2.3:o:axis:axis_os:::::-:::* cpe:2.3:o:axis:axis_os_2020:::::lts:::*
CWE		CWE-22

21 Nov 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-21 07:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-21418

Mitre link : CVE-2023-21418

CVE.ORG link : CVE-2023-21418

JSON object : View

Products Affected

axis

axis_os_2020
axis_os
axis_os_2022
axis_os_2018

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-21418", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2023-11-21T07:15:09.583", "references": [{"url": "https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf", "tags": ["Vendor Advisory"], "source": "product-security@axis.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n\n\n\n"}, {"lang": "es", "value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX irissetup.cgi era vulnerable a ataques de path traversal que permit\u00edan la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con las cuentas de servicio del operador y se limita a archivos que no pertenecen al sistema en comparaci\u00f3n con los privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "lastModified": "2023-11-28T21:34:55.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "FA86FDF1-58AD-4490-BF2B-D6C8DC083894", "versionEndExcluding": "6.50.5.15"}, {"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DE1198-6B4E-41BF-A97F-0EBD1B575D21", "versionEndExcluding": "11.7.57"}, {"criteria": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "A714346C-6398-46ED-81F0-5546B00A2DEB", "versionEndExcluding": "8.40.35"}, {"criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E20A1DAB-0D5B-4952-B4C0-A6A5808C49FD", "versionEndExcluding": "9.80.49"}, {"criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "EB91B5E0-93B8-4FD7-9199-B780170A5770", "versionEndExcluding": "10.12.213"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}