Search

Find a vulnerability

Search criteria

    1 vulnerability found for Camera Station by Axis

    CERTFR-2024-AVI-1035

    Vulnerability from certfr_avis - Published: 2024-12-03 - Updated: 2024-12-03

    De multiples vulnérabilités ont été découvertes dans les produits Axis. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Axis Axis OS Axis OS LTS 2020 versions 9.80.x antérieures à 9.80.84 sans les derniers correctifs de sécurité
    Axis Axis OS Axis OS Active Track versions 12.1.x antérieures à 12.1.28 sans les derniers correctifs de sécurité
    Axis P1428-E Network Camera P1428-E Network Camera avec AXIS OS (anciennement LTS) versions antérieures à 6.50.5.19 sans les derniers correctifs de sécurité
    Axis Camera Station Pro Camera Station Pro versions antérieures à 6.4
    Axis Q6128-E PTZ Network Camera Q6128-E PTZ Network Camera avec AXIS OS (anciennement LTS) versions antérieures à 6.50.5.19 sans les derniers correctifs de sécurité
    Axis Axis OS Axis OS LTS 2022 versions 10.12.x antérieures à 10.12.259 sans les derniers correctifs de sécurité
    Axis Camera Station AXIS Camera Station versions antérieures à 5.57.33556
    Axis Axis OS Axis OS LTS 2024 versions 11.11.x antérieures à 11.11.118 sans les derniers correctifs de sécurité
    References

    Show details on source website
    To clipboard 

    {
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Axis OS LTS 2020 versions 9.80.x ant\u00e9rieures \u00e0 9.80.84 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Axis OS",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "Axis OS Active Track versions 12.1.x ant\u00e9rieures \u00e0 12.1.28 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Axis OS",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "P1428-E Network Camera avec AXIS OS (anciennement LTS) versions ant\u00e9rieures \u00e0 6.50.5.19 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "P1428-E Network Camera",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "Camera Station Pro versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "Camera Station Pro",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "Q6128-E PTZ Network Camera avec AXIS OS (anciennement LTS) versions ant\u00e9rieures \u00e0 6.50.5.19 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Q6128-E PTZ Network Camera",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "Axis OS LTS 2022 versions 10.12.x ant\u00e9rieures \u00e0 10.12.259 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Axis OS",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS Camera Station versions ant\u00e9rieures \u00e0 5.57.33556",
      "product": {
        "name": "Camera Station",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "Axis OS LTS 2024 versions 11.11.x ant\u00e9rieures \u00e0 11.11.118 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Axis OS",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8772"
    },
    {
      "name": "CVE-2024-6749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6749"
    },
    {
      "name": "CVE-2024-6476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6476"
    },
    {
      "name": "CVE-2024-6831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6831"
    },
    {
      "name": "CVE-2024-8160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8160"
    },
    {
      "name": "CVE-2024-47257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47257"
    }
  ],
  "initial_release_date": "2024-12-03T00:00:00",
  "last_revision_date": "2024-12-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1035",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
  "vendor_advisories": [
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-47257pdf-en-US-458044",
      "url": "https://www.axis.com/dam/public/b7/76/b2/cve-2024-47257pdf-en-US-458044.pdf"
    },
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-6476pdf-en-US-455104",
      "url": "https://www.axis.com/dam/public/e5/24/82/cve-2024-6476pdf-en-US-455104.pdf"
    },
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-6831-en-US-455107",
      "url": "https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf"
    },
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-6749-en-US-455106",
      "url": "https://www.axis.com/dam/public/e6/e8/1e/cve-2024-6749-en-US-455106.pdf"
    },
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-8160pdf-en-US_InternalID-231071",
      "url": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf"
    },
    {
      "published_at": "2024-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2024-8772pdf-en-US_InternalID-231072",
      "url": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf"
    }
  ]
}