A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HAxis A1210 \( B\)
HWAxiswszystkie wersjeAxis A1214
HWAxiswszystkie wersjeAxis A1601
HWAxiswszystkie wersjeAxis A1610 \( B\)
HWAxiswszystkie wersjeAxis A1710 B
HWAxiswszystkie wersjeAxis A1810 B
HWAxiswszystkie wersjeAxis A8207 Ve Mk Ii
HWAxiswszystkie wersjeAxis Os
OSAxis12.0.0 – 12.6.69 (bez)Axis C1110 E
HWAxiswszystkie wersjeAxis C1111 E
HWAxiswszystkie wersjeAxis C1210 E
HWAxiswszystkie wersjeAxis C1211 E
HWAxiswszystkie wersjeAxis C1310 E Mk Ii
HWAxiswszystkie wersjeAxis C1410 Mk Ii
HWAxiswszystkie wersjeAxis C1510
HWAxiswszystkie wersjeAxis C1511
HWAxiswszystkie wersjeAxis C1610 Ve
HWAxiswszystkie wersjeAxis C1710
HWAxiswszystkie wersjeAxis C1720
HWAxiswszystkie wersjeAxis C6110
HWAxiswszystkie wersjeAxis C8110
HWAxiswszystkie wersjeAxis C8210
HWAxiswszystkie wersjeAxis D1110
HWAxiswszystkie wersjeAxis D201 S Xpt Q6075
HWAxiswszystkie wersjeAxis D2110 Ve
HWAxiswszystkie wersjeAxis D2210 Ve
HWAxiswszystkie wersjeAxis D3110 Mk Ii
HWAxiswszystkie wersjeAxis D4100 Ve Mk Ii
HWAxiswszystkie wersjeAxis D4200 Ve
HWAxiswszystkie wersjeAxis D6310
HWAxiswszystkie wersje
Related vulnerabilities
Privilege escalation w VAPIX Device Configuration Framework (Axis OS)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the install...
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote cod...
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...