Description
Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- Axis Communications AB / AXIS Camera Station<5.57.33556 – <5.57.33556
- Axis Communications AB / AXIS Camera Station Pro<6.4 – <6.4