The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LAxis Os
OSAxis12.0.0 – 12.3.33 (bez)Axis Os 2024
OSAxis11.8.0 – 11.11.140 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
Related vulnerabilities
CVE-2023-21413CRITICAL9.1ten sam produkt
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the install...
CVE-2025-11142HIGH7.1ten sam produkt
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote cod...
CVE-2025-0358HIGH8.8ten sam produkt
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...
CVE-2025-0360HIGH7.8ten sam produkt
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...
CVE-2025-0359HIGH8.5ten sam produkt
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ...