Axis VAPIX Device Configuration Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the VAPIX Device Configuration framework of Axis products running AXIS OS versions 12.0 through 12.3. This vulnerability allows a lower-privileged user to gain administrator rights. The issue was discovered during a penetration test conducted for Axis Communications by Truesec.

Impact

Exploitation of this vulnerability allows lower-privileged users to gain administrator privileges on the affected device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.4.0. Devices not included in this track but still under support will receive a patch according to their planned maintenance and release schedule. Users are advised to update their Axis device software to the latest version available.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.