PT-2024-39240 · Axis · Axis Os

Published: 2024-11-26 · Updated: 2024-11-26 · CVE-2024-8772

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version
Description: The VAPIX API managedoverlayimages.cgi is vulnerable to a race condition attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
Recommendations: For AXIS OS versions prior to the patched version, update to the patched version as released by Axis to resolve the issue. As a temporary workaround, consider restricting access to the managedoverlayimages.cgi API endpoint until a patch is available.

Related Identifiers: CVE-2024-8772
Affected Products: Axis Os