CVE-2024-0066

Published: Jun 18, 2024Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: product-security@axis.com (Secondary)

Description

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf

Source: product-security@axis.com

https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.