CVE-2024-8772
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-8772 is a newly disclosed vulnerability in the VAPIX API managedoverlayimages.cgi of Axis devices. 51l3nc3, a member of the AXIS OS Bug Bounty Program, discovered that this component was susceptible to a race condition attack. This issue enables an attacker to obstruct access to the overlay configuration page in the web interface after authentication with an administrator-level service account. Axis has issued patched AXIS OS versions to address this vulnerability. It's essential for users to implement the security updates as soon as possible to protect their devices from potential unauthorized configuration changes.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- O S