PT-2023-7489 · Axis Communications · Axis Os

Published: 2023-11-21 · Updated: 2024-11-08 · CVE-2023-21418

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions: AXIS OS (affected versions not specified)

Description: The VAPIX API irissetup.cgi is vulnerable to path traversal attacks, allowing for file deletion. This issue can only be exploited after authenticating with an operator- or administrator-privileged service account. With operator service accounts, the impact is lower than with administrator privileges and is limited to non-system files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-08533
CVE-2023-21418

Affected Products

Axis Os