CVE-2024-0066
First published: Tue Jun 18 2024(Updated: )
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Credit: product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS AXIS OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-0066?
CVE-2024-0066 has a medium severity rating as it may expose sensitive traffic if O3C is enabled.
How do I fix CVE-2024-0066?
To fix CVE-2024-0066, upgrade to the patched versions of AXIS OS released by Axis.
What devices are affected by CVE-2024-0066?
CVE-2024-0066 affects Axis devices that use the O3C feature in AXIS OS.
Is there a workaround for CVE-2024-0066?
If you are not using the O3C feature, there is no impact from CVE-2024-0066.
Who discovered CVE-2024-0066?
CVE-2024-0066 was discovered by Johan Fagerström as part of the AXIS OS Bug Bounty Program.
- agent/type
- agent/references
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/axis
- canonical/axis axis os