CVE-2022-23410
First published: Mon Feb 14 2022(Updated: )
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
Credit: product-security@axis.com product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS IP Utility | <4.18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-23410?
The severity of CVE-2022-23410 is high, with a severity value of 7.8.
What vulnerability does CVE-2022-23410 exploit?
CVE-2022-23410 exploits DLL hijacking, allowing for remote code execution and local privilege escalation.
Which version of AXIS IP Utility is affected by CVE-2022-23410?
AXIS IP Utility version up to exclusive 4.18.0 is affected by CVE-2022-23410.
How can an attacker exploit CVE-2022-23410?
An attacker can exploit CVE-2022-23410 by placing a compromised DLL in the same folder as IPUtility.exe, which would lead to remote code execution.
Is there a fix available for CVE-2022-23410?
Yes, upgrading to AXIS IP Utility version 4.18.0 or later fixes the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/axis
- canonical/axis ip utility