CVE-2024-8772: Detailed Vulnerability Analysis and Overview

Status: Received - Published on 26-11-2024

CVE-2024-8772
Vulnerability Scoring

4.3
/10

Attack Complexity Details

  • Attack Complexity: Low Impact
  • Attack Vector: NETWORK
  • Privileges Required: Low Impact
  • Scope: UNCHANGED
  • User Interaction: NONE

CIA Impact Definition

  • Confidentiality:
  • Integrity:
  • Availability: Low Impact

CVE-2024-8772 Vulnerability Summary

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.

Access Complexity Graph for CVE-2024-8772

Impact Analysis for CVE-2024-8772

CVE-2024-8772: Detailed Information and External References

EPSS

0.00043

EPSS %

0.10932

References

0.00043

CWE

CWE-1286

CAPEC

0.00043

  • SQL Injection: This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
  • NoSQL Injection: An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.

CVSS3 Source

product-security@axis.com

CVSS3 Type

Secondary

CVSS3 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Protect Your Infrastructure: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Recently Published CVEs