Axis Communications ACAP Privilege Escalation Vulnerability

A vulnerability exists in Axis devices running AXIS OS versions 12.0.0 through 12.5.30, allowing ACAP applications to be executed with elevated privileges. This could lead to unauthorized privilege escalation. The vulnerability can be exploited only if the device is set to permit the installation of unsigned ACAP applications, and if an attacker persuades a user to install a malicious ACAP application.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user to gain elevated rights or access on the affected device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.5.31. For devices not included in this track but still under support, patches will be provided according to the planned maintenance and release schedule. Users are advised to update their Axis device software to the latest version available.