{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47261", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2024-09-23T16:37:50.255Z", "datePublished": "2025-04-08T05:33:58.782Z", "dateUpdated": "2025-04-08T14:50:58.877Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS OS", "vendor": "Axis Communications AB", "versions": [{"lessThan": "10.12.276", "status": "affected", "version": "10.12.0", "versionType": "semver"}, {"lessThan": "11.11.141", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThan": "12.3.56", "status": "affected", "version": "12.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API <i>uploadoverlayimage.cgi</i> did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. <br>"}], "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-08T05:33:58.782Z"}, "references": [{"url": "https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T13:15:26.591752Z", "id": "CVE-2024-47261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:50:58.877Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T13:15:26.591752Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:22:09.498Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "10.12.0", "lessThan": "10.12.276", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThan": "11.11.141", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThan": "12.3.56", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.", "supportingMedia": [{"type": "text/html", "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API <i>uploadoverlayimage.cgi</i> did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. <br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-08T05:33:58.782Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47261", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:50:58.877Z", "dateReserved": "2024-09-23T16:37:50.255Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2025-04-08T05:33:58.782Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "matchCriteriaId": "C2765144-494D-46B2-A6F2-721135F5EE7F", "versionEndExcluding": "12.3.56", "versionStartIncluding": "10.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*", "matchCriteriaId": "2E526168-18C5-4812-B171-786FA1AE0776", "versionEndExcluding": "10.12.276", "vulnerable": true}, {"criteria": "cpe:2.3:o:axis:axis_os_2024:*:*:*:*:lts:*:*:*", "matchCriteriaId": "0ECE61EC-B83D-4222-A57A-9D8E7F42FDAA", "versionEndExcluding": "11.11.141", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device."}, {"lang": "es", "value": "51l3nc3, miembro del programa de recompensas por errores de AXIS OS, descubri\u00f3 que la API de VAPIX uploadoverlayimage.cgi no ten\u00eda suficiente validaci\u00f3n de entrada para permitir que un atacante cargara archivos para bloquear el acceso para crear superposiciones de im\u00e1genes en la interfaz web del dispositivo Axis."}], "id": "CVE-2024-47261", "lastModified": "2026-01-14T14:46:03.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "product-security@axis.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-08T06:15:43.053", "references": [{"source": "product-security@axis.com", "tags": ["Vendor Advisory"], "url": "https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}

{}