CVE-2024-0067
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-0067 is a path traversal vulnerability discovered in the VAPIX API on specific Axis devices, which allows unauthorized listing of folder and file names on the local file system. The affected products include various models such as yeMExv, yeMW2I, yeN2Ee, among others. Axis has addressed this issue by releasing patched versions of AXIS OS to remediate the vulnerability. The flaw poses a medium-level risk to organizations, with a CVSS base score of 4.3, as it could potentially lead to unauthorized access to sensitive information despite requiring low privileges and user interaction. For further details and mitigation steps, organizations are advised to refer to the Axis security advisory linked in the provided resources.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.