CVE-2024-7696

N/A

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

日志输出的转义处理不恰当

AXIS Camera Station Pro 安全漏洞

AXIS Camera Station Pro是瑞典安讯士（AXIS）公司的一个强大且灵活的视频管理和访问控制。 AXIS Camera Station Pro 6.5之前版本存在安全漏洞，该漏洞源于经过认证的恶意客户端可以篡改审计日志创建，或通过恶意构建的审计日志条目对服务器执行拒绝服务攻击。

N/A

N/A