CVE-2024-8772

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 1286

Summary

CVE-2024-8772 is a newly disclosed vulnerability in the VAPIX API managedoverlayimages.cgi of Axis devices. 51l3nc3, a member of the AXIS OS Bug Bounty Program, discovered that this component was susceptible to a race condition attack. This issue enables an attacker to obstruct access to the overlay configuration page in the web interface after authentication with an administrator-level service account. Axis has issued patched AXIS OS versions to address this vulnerability. It's essential for users to implement the security updates as soon as possible to protect their devices from potential unauthorized configuration changes.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share