CVE-2024-6979
First published: Tue Sep 10 2024(Updated: )
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. Axis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Credit: product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6979?
CVE-2024-6979 has a low severity due to the complex steps required for exploitation.
How do I fix CVE-2024-6979?
To fix CVE-2024-6979, update your AXIS OS to the latest version provided by Axis.
What does CVE-2024-6979 exploit?
CVE-2024-6979 exploits broken access controls that grant excessive privileges to less-privileged operator and viewer accounts.
Who discovered CVE-2024-6979?
CVE-2024-6979 was discovered by Amin Aliakbari, a member of the AXIS OS Bug Bounty Program.
What software is affected by CVE-2024-6979?
CVE-2024-6979 affects the AXIS OS software from Axis.
- agent/description
- agent/type
- agent/references
- agent/first-publish-date
- agent/severity
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/axis
- canonical/axis os