Axis Communications ACAP Applications Privilege Escalation Vulnerability
Vulnerability
A vulnerability allowing privilege escalation has been identified in Axis devices running AXIS OS versions 12.0.0 through 12.9.31. This issue arises from improper input validation during the installation of ACAP applications, which can lead to elevated privileges. The vulnerability is exploitable only if the device is set to allow unsigned ACAP applications and if an attacker persuades a user to install a malicious application.
Impact
Exploitation of this vulnerability could allow unauthorized ACAP applications to gain elevated privileges, potentially leading to unauthorized access or control over the device.
Remediation
Axis has released a patch for this vulnerability in AXIS OS Active Track 12.9.32. Devices not included in this track but still under support will receive a patch according to their planned maintenance and release schedule. It is recommended to update to the latest Axis device software, available through the Axis vulnerability management portal.
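A triage sketch for the version range and precondition stated above, added here as an example and not taken from Axis or from this advisory. The inventory record fields (`name`, `axis_os`, `allow_unsigned_acap`) and the sample devices are constructed assumptions; map them to whatever your asset inventory exports.

```python
# Added example: triage a device inventory against this advisory.
# Field names and the sample inventory are constructed assumptions.
import re

AFFECTED_MIN = (12, 0, 0)    # first affected AXIS OS version per the advisory
AFFECTED_MAX = (12, 9, 31)   # last affected version; 12.9.32 carries the fix

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not X.Y.Z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", str(text))
    return tuple(int(p) for p in m.groups()) if m else None

def triage(device):
    """Classify one inventory record.

    exposed:      affected version and unsigned ACAP installs allowed
    affected:     affected version, unsigned installs disabled
    unknown:      version unparsable or setting not recorded; check by hand
    not_affected: version outside the advisory's range
    """
    version = parse_version(device.get("axis_os"))
    if version is None:
        return "unknown"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not_affected"
    allow = device.get("allow_unsigned_acap")
    if allow is None:
        return "unknown"
    return "exposed" if allow else "affected"

def triage_inventory(devices):
    """Map device name -> classification, most urgent first."""
    order = {"exposed": 0, "unknown": 1, "affected": 2, "not_affected": 3}
    results = {d["name"]: triage(d) for d in devices}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))

# Constructed sample inventory (not real devices).
SAMPLE = [
    {"name": "cam-lobby", "axis_os": "12.9.31", "allow_unsigned_acap": True},
    {"name": "cam-dock", "axis_os": "12.4.2", "allow_unsigned_acap": False},
    {"name": "cam-roof", "axis_os": "12.9.32", "allow_unsigned_acap": True},
    {"name": "cam-gate", "axis_os": "11.11.0", "allow_unsigned_acap": True},
    {"name": "cam-lab", "axis_os": "12.2", "allow_unsigned_acap": True},
    {"name": "cam-yard", "axis_os": "12.0.0"},
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE).items():
        print(f"{name:10} {status}")
```

Devices classed as "affected" still need the update; the class only records that the unsigned-application precondition is not currently met.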
