admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-00xx/CVE-2024-0067.json
cad-safe-bot 6bb91c22de Auto-Update: 2024-09-10T14:00:33.301427+00:00
2024-09-10 14:03:33 +00:00

48 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-0067",
"sourceIdentifier": "product-security@axis.com",
"published": "2024-09-10T05:15:10.460",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Marinus Pfund, member of the AXIS OS Bug Bounty Program, \nhas found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
},
{
"lang": "es",
"value": "Marinus Pfund, miembro del programa Bug Bounty de AXIS OS, ha descubierto que la API ledlimit.cgi de VAPIX era vulnerable a ataques de path traversal que permit\u00edan enumerar los nombres de carpetas y archivos en el sistema de archivos local del dispositivo Axis. Axis ha publicado versiones parcheadas de AXIS OS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@axis.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.axis.com/dam/public/c7/d0/91/cve-2024-0067-en-US-448994.pdf",
"source": "product-security@axis.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink