CVE-2023-5677

Name of the Vulnerable Software and Affected Versions AXIS OS versions (affected versions not specified)

Description The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this issue is lower with operator-privileges compared to administrator-privileges service accounts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.