CVE-2024-7696 MEDIUM

CVE-2024-7696

Vendor Axis Communications Ab
Product AXIS Camera Station Pro
Weakness CWE-117
Published January 7, 2025
Last update January 7, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Key dates

02Disclosure timeline

January 7, 2025 CVE published
January 7, 2025 Record updated