PT-2024-15328 · Axis Communications · AXIS OS
Published 2024-03-18 · Updated 2024-11-08 · CVE-2024-0055
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
AXIS OS versions prior to the patched version
Description
The VAPIX APIs, specifically the "mediaclip.cgi" and "playclip.cgi" endpoints, were vulnerable to file globbing: wildcard characters in a request parameter were expanded against the device's filesystem instead of being treated as a literal file name, which could lead to a resource exhaustion attack (denial of service). Per the CVSS vector, the issue is reachable over the network by an authenticated user with low privileges, needs no user interaction, and affects availability only; confidentiality and integrity are not impacted. This issue was discovered by Sandro Poppi, a member of the AXIS OS Bug Bounty Program.
Recommendations
For AXIS OS versions prior to the patched version, update to the latest patched version of AXIS OS to resolve the issue. As a temporary workaround until the patch is applied, restrict access to the vulnerable "mediaclip.cgi" and "playclip.cgi" API endpoints. Note that the vector requires only low privileges (PR:L), so the trigger is available to any authenticated account, not just administrators; the restriction therefore has to limit which accounts can reach these endpoints, not only network exposure of the device.
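The advisory does not show the affected code, so the following is an added illustration of the weakness class described above (user input reaching a glob/wildcard expansion), written here for this page in Python. It is not AXIS OS or VAPIX code, and how the real endpoints accepted and expanded the clip parameter is not described on this page. The clip store, the sample file names and the CLIP_NAME allowlist are constructed assumptions. The vulnerable lookup passes the request parameter straight to glob so that one request can force a directory walk; the hardened lookup never treats input as a pattern.

```python
"""Wildcard (glob) neutralization in a clip-lookup endpoint.

Added example, not AXIS OS / VAPIX code. The clip store, file names and the
CLIP_NAME allowlist are constructed assumptions.
"""
import glob
import os
import re
import tempfile
from pathlib import Path
from typing import List, Optional


def make_sample_store() -> Path:
    """Create a constructed clip directory with a few files and a subdirectory."""
    store = Path(tempfile.mkdtemp(prefix="clips_"))
    for name in ("alarm.mp3", "door.mp3"):
        (store / name).write_bytes(b"\x00" * 16)  # placeholder audio bytes
    (store / "sub").mkdir()
    (store / "sub" / "hidden.mp3").write_bytes(b"\x00" * 16)
    return store


def lookup_clip_vulnerable(store: Path, clip: str) -> List[str]:
    """Vulnerable pattern: the request parameter goes straight to glob.

    The caller expects one file name, but glob expands wildcards: "*" matches
    every entry in the store, "**" walks the whole tree, and patterns with many
    wildcard groups force far more directory scanning than a single stat().
    One request can therefore consume CPU and disk I/O out of proportion to
    the work a literal file name would require.
    """
    return glob.glob(str(store / clip), recursive=True)


def matched_names(store: Path, clip: str) -> List[str]:
    """Sorted base names returned by the vulnerable lookup, for inspection."""
    return sorted(
        os.path.basename(p.rstrip(os.sep)) for p in lookup_clip_vulnerable(store, clip)
    )


# Assumed allowlist: a plain base name plus a known audio extension. It
# excludes every glob metacharacter (* ? [ ] { } ~) as well as "/" and "..".
CLIP_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(mp3|wav|au)")


def lookup_clip_hardened(store: Path, clip: str) -> Optional[str]:
    """Hardened lookup: the input is validated as a name, never used as a pattern."""
    # 1. Allowlist the name; anything else is rejected before touching the disk.
    if not CLIP_NAME.fullmatch(clip):
        return None
    # 2. Defense in depth: the resolved path must sit directly inside the store.
    root = store.resolve()
    candidate = (root / clip).resolve()
    if candidate.parent != root:
        return None
    # 3. One stat() call; no pattern expansion, no directory walk.
    return str(candidate) if candidate.is_file() else None


if __name__ == "__main__":
    store = make_sample_store()
    print("vulnerable '*.mp3':", matched_names(store, "*.mp3"))
    print("vulnerable '**'   :", matched_names(store, "**"))
    print("hardened 'alarm.mp3':", lookup_clip_hardened(store, "alarm.mp3"))
    print("hardened '*.mp3'    :", lookup_clip_hardened(store, "*.mp3"))
```

The allowlist is the actual fix for this weakness class; the parent-directory check is a second, independent control in case the allowlist is later loosened. Rejecting before any filesystem call is what keeps a malicious request cheap for the device.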
Fix
Resolved in a patched AXIS OS release; update as described under Recommendations.
Weakness Enumeration
Improper Neutralization of Wildcards or Matching Symbols (CWE-155)
Related Identifiers
CVE-2024-0055
Affected Products
AXIS OS