CVE-2023-5677 MEDIUM

CVE-2023-5677

Vendor Axis Communications Ab

Product AXIS OS

Weakness CWE-78

Published February 5, 2024

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution.

Key dates

02Disclosure timeline

February 5, 2024 CVE published

June 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5677

Related vulnerabilities

Identifiers

CVE CVE-2023-5677

CWE CWE-78

CVSS 6.3 / MEDIUM

Affected versions

Vendor Axis Communications Ab

Product AXIS OS

Affected AXIS OS 5.51

Vendor Axis Communications Ab

Product AXIS OS

Affected AXIS OS 6.50

CVE-2023-5677

01Description

02Disclosure timeline

03References

04Related CVE