{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T07:11:18.990","vulnerabilities":[{"cve":{"id":"CVE-2023-21415","sourceIdentifier":"product-security@axis.com","published":"2023-10-16T07:15:08.760","lastModified":"2024-11-21T07:42:49.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solutions."},{"lang":"es","value":"Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubrió que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminación de archivos. Esta falla solo puede explotarse después de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener más información y soluciones."}],"metrics":{"cvssMetricV31":[{"source":"product-security@axis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"product-security@axis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*","versionStartIncluding":"6.50.5.3","versionEndExcluding":"6.50.5.14","matchCriteriaId":"F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*","versionStartIncluding":"11.0.81","versionEndExcluding":"11.6.94","matchCriteriaId":"09CFB55B-2098-478D-A6AE-A200F2EC42BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*","versionStartIncluding":"6.50.2","versionEndExcluding":"6.50.5.2","matchCriteriaId":"0E3843E2-4943-440F-99E9-8026C9818596"},{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*","versionEndExcluding":"8.40.35","matchCriteriaId":"A714346C-6398-46ED-81F0-5546B00A2DEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*","versionEndExcluding":"9.80.47","matchCriteriaId":"8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC"},{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*","versionEndExcluding":"10.12.206","matchCriteriaId":"4E686725-735A-47FC-87F1-A1899A916315"}]}]}],"references":[{"url":"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf","source":"product-security@axis.com","tags":["Vendor Advisory"]},{"url":"https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}