How severe is CVE-2023-21417?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-21417?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2023-21417 - HIGH Severity | CVSS 7.1

Vulnerability Description

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Related Vulnerabilities

CVE-2022-36928

HIGH

CVSS:7.1(High)

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

CWE-352022

CVE-2023-21418

HIGH

CVSS:7.1(High)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploit...

CWE-352023

CVE-2024-27901

HIGH

CVSS:7.2(High)

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a consider...

CWE-352024

CVE-2025-26354

HIGH

CVSS:7.2(High)

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive fil...

CWE-352025

CVE-2025-26356

HIGH

CVSS:7.2(High)

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitiv...

CWE-352025

CVE-2023-7263

HIGH

CVSS:7.3(High)

Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ...

CWE-352023