Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)

Severity: Low | Tenable OT Security Plugin ID 505526

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A researcher in the AXIS OS Bug Bounty Program found that the VAPIX API ftptest.cgi did not sufficiently validate its input, allowing a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for this flaw.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Upgrade AXIS OS according to the vendor advisory (fixed in 12.1.21 on the active track and 11.11.116 on the 2024 LTS track, among other tracks).

See Also

http://www.nessus.org/u?6b5b7aa6

Plugin Details

Severity: Low

ID: 505526

File Name: tenable_ot_axiscommunication_CVE-2024-8160.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 6/30/2026

Updated: 6/30/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v3

Risk Factor: Low

Base Score: 2.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/o:axis:axis_os_firmware

Required KB Items: Tenable.ot/AxisCommunication

Patch Publication Date: 11/26/2024

Vulnerability Publication Date: 11/26/2024

Reference Information

CVE: CVE-2024-8160

CWE: 1286