How severe is CVE-2023-21416?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-21416?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2023-21416 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Related Vulnerabilities

CVE-2021-1355

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1357

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2023-39916

MEDIUM

CVSS:6.5(Medium)

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the cont...

CWE-352023

CVE-2023-5885

MEDIUM

CVSS:6.5(Medium)

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

CWE-352023

CVE-2024-10857

MEDIUM

CVSS:6.5(Medium)

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient fil...

CWE-352024

CVE-2024-12087

MEDIUM

CVSS:6.5(Medium)

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even i...

CWE-352024