CVE-2023-21416

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions AXIS OS (affected versions not specified)

Description The VAPIX API dynamicoverlay.cgi is vulnerable to a Denial-of-Service attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of the attack is significant, as it can cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-35CWE-404

Related Identifiers

BDU:2023-08532

CVE-2023-21416

Affected Products

Axis Os

CVE-2023-21416

Weakness Enumeration

Related Identifiers

Affected Products

References · 8