Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
History

Fri, 29 Nov 2024 06:30:00 +0000


Fri, 29 Nov 2024 05:45:00 +0000


Fri, 08 Nov 2024 09:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-155

Wed, 30 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Tue, 10 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 05:15:00 +0000

Type Values Removed Values Added
Description Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Axis

Published: 2024-09-10T04:58:28.559Z

Updated: 2024-11-29T05:33:28.959Z

Reserved: 2024-07-04T11:14:14.032Z

Link: CVE-2024-6509

cve-icon Vulnrichment

Updated: 2024-09-10T14:28:46.482Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-10T05:15:12.997

Modified: 2024-11-29T06:15:07.640

Link: CVE-2024-6509

cve-icon Redhat

No data.