CVE-2023-5800

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Published: Feb 5, 2024
Updated: May 4, 2025
CVE: CVE-2023-5800
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
axis / axis_os	-	11.8.61
axis / axis_os_2022	-	10.12.220
axis / axis_os_2020	-	9.80.55

https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf

Vulnerability Database

290,300

CVE-2023-5800