CVE-2024-7696

MEDIUM

AXIS Camera Station Pro < 6.5.35848 - Authenticated Denial of Service via Audit Log Tampering

Title source: llm

Description

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

References (1)

Core 1

Core References

Vendor Advisory

https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf

Scores

CVSS v3 6.3

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-117

Status published

Products (1)

axis/camera_station_pro < 6.5.35848

Published Jan 07, 2025

Tracked Since Feb 18, 2026