AXIS OS Security Advisories

AXIS OS Security Advisories

The AXIS OS Security Advisories transparently lists both OpenSource and Axis vulnerabilities that have been brought to our attention. The purpose of the registry is to proactively raise awareness and communicate about vulnerabilities that have been analyzed for AXIS OS products.

AXIS OS devices are either running an AXIS OS LTS, active or product specific support track.
The majority of vulnerabilities reported are the result of security scanner audits that may remark vulnerabilities on Axis products falsely. To learn more about security scanner remarks, please visit the Axis OS Vulnerability Scanner Guide. For more information about Axis work with cybersecurity, see Cybersecurity resources

OpenSource and Axis vulnerabilities are listed below with CVE IDs (CVE = Common Vulnerabilities and Exposures).
Axis vulnerabilities were previously listed with ACV IDs (ACV = Axis Critical Vulnerability), which changed when Axis was approved as a CVE Numbering Authority (CNA) in April 2020.

Please contact Axis Technical Support in case you have found a CVE that was reported to be present in AXIS OS and is not registered below.

For more information when security patches are added to AXIS OS, please visit AXIS OS Release notes.

OpenSource

The OpenSource registry covers potential threats caused by 3rd part vulnerabilities of OpenSource components that are used in Axis products.

CVE 2023

CVE numberAffectedResult and information
CVE-2023-4807NoAXIS OS devices do not use Windows XMM registers.
CVE-2023-38408NoAXIS OS devices do not include the ssh-agent of OpenSSH.
CVE-2023-32001YesThe vulnerability ispatched by upgrading to cURL version 8.0.1.
CVE-2023-28322YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-28321YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-28320YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-28319YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27538 YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27537YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27536YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27535YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27534 YesThe vulnerability is patched by upgrading to cURL version 8.0.1.
CVE-2023-27533 NoCurl´s GSS functionality is not used on AXIS OS devices.
CVE-2023-27522NoAXIS OS devices do not use the mod_proxy_uwsgi module.
CVE-2023-25690YesThe vulnerability is patched by upgrading to Apache version 2.4.56.
CVE-2023-25136YesAXIS OS devices are running a different OpenSSH version which is not affected.
CVE-2023-23916YesThe vulnerability is patched by upgrading to cURL version 7.88.1.
CVE-2023-23915NoAXIS OS devices are running a different cURL version which is not affected.
CVE-2023-23914NoAXIS OS devices are running a different cURL version which is not affected.
CVE-2023-22984YesThis vulnerability concerns an Axis product and old version that is not supported anymore.
Please follow our general security advisory about CSRF and XSS attacks how to mitigate these type of vulnerabilities.
CVE-2023-3817 YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1v.
CVE-2023-3446 YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1v.
CVE-2023-1018 No Through testing, the vulnerability cannot be exploited in TPM modules used by Axis devices.
CVE-2023-1017 NoThrough testing, the vulnerability cannot be exploited in TPM modules used by Axis devices.
CVE-2023-0466NoAXIS OS devices do not utilize non-default certificate policy validation
CVE-2023-0465NoAXIS OS devices do not utilize non-default certificate policy validation
CVE-2023-0464NoAXIS OS devices do not utilize non-default certificate policy validation
CVE-2023-0401NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2023-0286 YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1t.
CVE-2023-0217NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2023-0216NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2023-0215YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1t.

CVE 2022

CVE numberAffectedResult and information
CVE-2022-46152YesThe vulnerability is patched on the AXIS OS active track and LTS 2022. Updating is recommended.
CVE-2022-43552NoHTTP proxy tunnel functionality is not enabled on AXIS OS devices.
CVE-2022-43551NoCurl´s HSTS functionality is not enabled on AXIS OS devices.
CVE-2022-4450 Yes The vulnerability is patched by upgrading to OpenSSL version 1.1.1t.
CVE-2022-4304YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1t.
CVE-2022-42916YesThe vulnerability is patched by upgrading to cURL version 7.86.0.
CVE-2022-42915YesThe vulnerability is patched by upgrading to cURL version 7.86.0.
CVE-2022-42889NoAXIS OS devices do not use the affected Apache Commons software package.
CVE-2022-42012NoWhile AXIS OS devices use some of the affected functions, all of these vulnerabilities require root access
to be exploited and when root access is gained, full control over the device is already established.
CVE-2022-42011NoWhile AXIS OS devices use some of the affected functions, all of these vulnerabilities require root access
to be exploited and when root access is gained, full control over the device is already established.
CVE-2022-42010NoWhile AXIS OS devices use some of the affected functions, all of these vulnerabilities require root access
to be exploited and when root access is gained, full control over the device is already established.
CVE-2022-4203NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2022-37436YesThe vulnerability is patched by upgrading to Apache version 2.4.55.
CVE-2022-36760NoAXIS OS devices do not use the mod_proxy_ajp module.
CVE-2022-35260YesThe vulnerability is patched by upgrading to cURL version 7.86.0.
CVE-2022-35252NoAXIS OS devices do not use the cookie-engine of cURL.
CVE-2022-32221YesThe vulnerability is patched by upgrading to cURL version 7.86.0.
CVE-2022-32208NoAXIS OS devices do not have Kerberos enabled.
CVE-2022-32207YesThe vulnerability is patched by upgrading to cURL version 7.84.0.
CVE-2022-32206YesThe vulnerability is patched by upgrading to cURL version 7.84.0.
CVE-2022-32205YesThe vulnerability is patched by upgrading to cURL version 7.84.0.
CVE-2022-31813NoAXIS OS devices do not utilize IP based authentication.
CVE-2022-30556NoAXIS OS devices do not use the mod_lua module.
CVE-2022-30522NoAXIS OS devices do not use the mod_sed module.
CVE-2022-30295YesAffects AXIS P7701 Video Decoder.
Other Axis devices that are running the latest AXIS OS LTS or active version do not use
the uClibc or uClibc-ng library. We are currently awaiting the availability of an upstream patch
to be available to judge if we can provide a service release that patches this vulnerability.
CVE-2022-30115No
CVE-2022-29404NoAXIS OS devices do not use the mod_lua module.
CVE-2022-28861YesThis vulnerability applies to Citilog software, not a vulnerability in AXIS OS itself.
CVE-2022-28860YesThis vulnerability applies to Citilog software, not a vulnerability in AXIS OS itself.
CVE-2022-28615NoAXIS OS devices do not use the ap_strcmp_match() function.
CVE-2022-28614NoAXIS OS devices do not use the ap_rwrite() function.
CVE-2022-28330NoAXIS OS devices do not use the mod_isapi module.
CVE-2022-27782YesThe vulnerability is patched by upgrading to cURL 7.83.1.
CVE-2022-27781YesThe vulnerability is patched by upgrading to cURL 7.83.1.
CVE-2022-27780No
CVE-2022-27779No
CVE-2022-27778No
CVE-2022-27776YesThe vulnerability is patched in a timely manner on the AXIS OS active track and the LTS tracks.
CVE-2022-27775YesThe vulnerability is patched in a timely manner on the AXIS OS active track and the LTS tracks.
CVE-2022-27774YesThe vulnerability is patched in a timely manner on the AXIS OS active track and the LTS tracks.
CVE-2022-26377NoAXIS OS devices do not use the mod_proxy_ajp module.
CVE-2022-22965NoNot affected as JDK, Spring Cloud function and/or Apache Tomcat are not used.
CVE-2022-22963NoNot affected as JDK, Spring Cloud function and/or Apache Tomcat are not used.
CVE-2022-23943NoAXIS OS devices do not use the mod_sed module.
CVE-2022-22721NoWhile AXIS OS devices use the core module, the command LimitXMLRequestBody is unused.
CVE-2022-22720YesThe vulnerability is patched by upgrading to Apache version 2.4.53.
CVE-2022-22719NoAXIS OS devices do not use the mod_lua module.
CVE-2022-3786No AXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2022-3602NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2022-2586YesAll Axis products with Linux Kernel version 4.14 and onwards are affected by this vulnerability.
Axis deems the severity of these vulnerabilities as low as it requires the attacker to be authenticated.
Only after successful authentication can this vulnerability be exploited (=local exploit).
We will provide patches for the Linux Kernel LTS versions that are affected in a timely manner.
CVE-2022-2585YesAll Axis products with Linux Kernel version 4.14 and onwards are affected by this vulnerability.
We are awaiting upstream patches for the Linux Kernel LTS versions that are affected.
The vulnerability is patched already for all Axis products with Linux Kernel version 5.15 and higher
and has been patched for a number of products on Linux Kernel version 4.19.
Axis deems the severity of these vulnerabilities as low as it requires the attacker to be authenticated.
Only after successful authentication can this vulnerability be exploited (=local exploit).
We will provide patches for the Linux Kernel LTS versions that are affected in a timely manner.
CVE-2022-2274NoAXIS OS devices are running a different OpenSSL track which is not affected.
CVE-2022-2097No AXIS OS devices do not use an x86 architecture.
CVE-2022-2068NoAXIS OS devices do not use the c_rehash script.
CVE-2022-1292No AXIS OS devices do not use the c_rehash script.
CVE-2022-0847NoThe affected Linux Kernel 5.8 is not used, AXIS OS devices utilizes lower versions of Linux Kernel on Linux Long-Term releases.
CVE-2022-0778YesThe vulnerability is patched by upgrading to OpenSSL version 1.1.1n.
CVE-2022-0336NoThis vulnerability is exploitable when Active Directory (AD/ADFS) services are used,
which is a functionality that is not supported in AXIS OS devices.

CVE 2021

CVE numberAffectedResult and information
CVE-2021-44790NoAXIS OS devices do not use the mod_lua module.
CVE-2021-44228 NoAXIS OS products only use the vanilla Apache webserver and not Apache Log4j, which is vulnerable.
A general statement for the Axis portfolio can be found here.
CVE-2021-44224YesThe vulnerability is patched by upgrading to Apache version 2.4.52.
CVE-2021-43523YesAffects AXIS P7701 Video Decoder.
Other Axis devices that are running the latest AXIS OS LTS or active version do not use the uClibc or uClibc-ng library.
We are currently awaiting the availability of an upstream patch to be available to judge
if we can provide a service release that patches this vulnerability.
CVE-2021-42013  No
CVE-2021-41773  No
CVE-2021-41617  NoNot affected since the AXIS OS configuration for SSH
doesn't include AuthorizedKeysCommand or AuthorizedPrincipalsCommand in its default configuration.
CVE-2021-41524  No
CVE-2021-40438  YesThe vulnerability is patched in AXIS OS active track and the LTS tracks
CVE-2021-40146  No
CVE-2021-39275  YesThe vulnerability is patched in AXIS OS active track and the LTS tracks
CVE-2021-36260 No
CVE-2021-36160  No
CVE-2021-34798  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2021-33910YesThe vulnerability has been patched. Updating is recommended.
CVE-2021-33558NoThe affected 3rd party component backup.html, preview.html, js/log.js, log.html, email.html,
online-users.html, and config.js
are not used in Axis products below version 5.70 that utilize the BOA webserver.
Axis products with 5.70 and higher utilize the Apache webserver where these vulnerabilities do not apply as the BOA webserver has been removed.
CVE-2021-33193  YesAffects AXIS OS 10.1 - 10.7. The vulnerability has been patched. Updating is recommended.
CVE-2021-32934  No
CVE-2021-31618  No
CVE-2021-31618  No
CVE-2021-31618  YesAffects AXIS OS 10.1 - 10.6. Has been patched in AXIS OS 10.7.
CVE-2021-30641  No
CVE-2021-29462YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2021-28372NoNot affected since AXIS OS doesn’t utilize the ThroughTek (TUTK) TCP/IP stack application.
CVE-2021-27365NoAXIS OS devices do not utilize ISCSI functionality.
CVE-2021-27219  YesThe vulnerability has been patched on the LTS tracks.
CVE-2021-27218  YesThe vulnerability has been patched on the LTS tracks.
CVE-2021-26691  No
CVE-2021-26690  No
CVE-2021-25677  No
CVE-2021-23841  No
CVE-2021-23840  No The vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2021-23839  No
CVE-2021-22947  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2021-22946  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2021-22945  No
CVE-2021-22901  No
CVE-2021-22898  No
CVE-2021-22897  No
CVE-2021-22890  NoThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2021-22876  No
CVE-2021-21727  No
CVE-2021-4160YesThe vulnerability is patched by upgrading to OpenSSL 1.1.1m.
CVE-2021-4104  NoAXIS OS products only use the vanilla Apache webserver and not Apache Log4j,
which is vulnerable. A general statement for the Axis portfolio can be found here.
CVE-2021-4034NoNot affected since the Polkit's (PolicyKit) pkexec component is not used.
CVE-2021-4032NoNot affected since x86-computing architecture platform is not used in AXIS OS products.
AXIS OS products utilize MIPS- and ARM-based computing architecture instead.
CVE-2021-3712  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2021-3658  YesAffects AXIS OS 8.40 LTS and 9.80 LTS. The vulnerability has been patched on the LTS tracks.
CVE-2021-3450  No
CVE-2021-3449  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.

CVE 2020

CVE numberAffectedResult and information
CVE-2020-35452  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2020-27738  No
CVE-2020-27737  No
CVE-2020-27736  No
CVE-2020-27009  No
CVE-2020-26558  YesAffects Axis body worn solution and Axis wireless cameras.
The vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2020-25112  No
CVE-2020-25111  No
CVE-2020-25110  No
CVE-2020-25109  No
CVE-2020-25108  No
CVE-2020-25107  No
CVE-2020-25066  No
CVE-2020-24383  No
CVE-2020-24341  No
CVE-2020-24340  No
CVE-2020-24339  No
CVE-2020-24338  No
CVE-2020-24337  No
CVE-2020-24336  No
CVE-2020-24335  No
CVE-2020-24334  No
CVE-2020-17470  No
CVE-2020-17469  No
CVE-2020-17468  No
CVE-2020-17467  No
CVE-2020-17445  No
CVE-2020-17444  No
CVE-2020-17443  No
CVE-2020-17442  No
CVE-2020-17441  No
CVE-2020-17440  No
CVE-2020-17439  No
CVE-2020-17438  No
CVE-2020-17437  No
CVE-2020-17049NoThis vulnerability is exploitable when Microsoft Kerberos services are used,
which is a functionality that is not supported in AXIS OS devices.
CVE-2020-15795  No
CVE-2020-14871  No
CVE-2020-13988  No
CVE-2020-13987  No
CVE-2020-13986  No
CVE-2020-13985  No
CVE-2020-13984  No
CVE-2020-13950  Yes The vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2020-13938  No
CVE-2020-13848  YesConcerned customers can temporarily disable the parameter Network.UPnP.Enabled in Plain config to mitigate this.
The vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2020-12695  No
CVE-2020-11993  No
CVE-2020-11984  No
CVE-2020-11899  No
CVE-2020-11898  No
CVE-2020-11897  No
CVE-2020-11896  No
CVE-2020-11023NoAxis deems the severity and impact of this vulnerability as low as it requires the attacker to be authenticated
and no known exploits are available to negatively affect the Axis product.
CVE-2020-11022NoAxis deems the severity and impact of this vulnerability as low as it requires the attacker to be authenticated
and no known exploits are available to negatively affect the Axis product.
CVE-2020-10713  No
CVE-2020-9770  YesAffects Axis body worn and wireless devices and will be patched in a timely manner on the AXIS OS active track and the LTS tracks.
CVE-2020-9490  YesProducts with AXIS OS 10.0 or lower are not affected.
For newer AXIS OS versions, the vulnerability has been patched on the AXIS OS active track. Updating is recommended.
CVE-2020-9308YesAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access
to be exploited and when root access is gained, full control over the device is already established.
CVE-2020-7461  No
CVE-2020-3120  No
CVE-2020-3119  No
CVE-2020-3118  No
CVE-2020-3111  No
CVE-2020-3110  No
CVE-2020-1971  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2020-1967  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2020-1938  No
CVE-2020-1934  No
CVE-2020-1927  YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2020-1472NoThis vulnerability is exploited when the configuration property "server schannel" is enabled.
This is not supported in AXIS OS devices, instead default settings are used which are deemed secure.

CVE 2019

CVE numberAffectedResult and information
CVE-2019-1000020NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2019-1000019NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2019-19221NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2019-17567  YesAffects Axis door stations/intercoms. The vulnerability has been patched. Updating is recommended.
CVE-2019-15916YesAffects LTS 2016. The vulnerability has been patched. Updating is recommended.
CVE-2019-12450  YesAffects LTS 2018 and LTS 2016. The vulnerability has been patched.
CVE-2019-11358YesAxis deems the severity and impact of this vulnerability as low as it requires the attacker to be authenticated and no known exploits are available to negatively affect the Axis product.
CVE-2019-11135  No
CVE-2019-11091  No
CVE-2019-10744  No
CVE-2019-9517YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks. Updating is recommended.
CVE-2019-1563No
CVE-2019-1559No
CVE-2019-1551  No
CVE-2019-1547No
CVE-2019-1125  No

CVE 2018

CVE numberAffectedResult and information
CVE-2018-1000880NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2018-1000879NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2018-1000878 NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2018-1000877 NoAXIS OS devices use a different (not affected) version of libarchive or affected functions require root access to be exploited and when root access is gained, full control over the device is already established.
CVE-2018-25032YesThe vulnerability has been patched on the AXIS OS active track and the LTS tracks.
CVE-2018-12207  No
CVE-2018-12130  No
CVE-2018-12127  No
CVE-2018-12126  No
CVE-2018-10938 NoAxis OS devices do not utilize CONFIG_NETLABEL set. Additionally, the vulnerability was fixed in 4.9.125 and AXIS OS devices uses 4.9.206.
CVE-2018-3646  No
CVE-2018-3639  No
CVE-2018-3620  No
CVE-2018-3615  No
CVE-2018-1285NoNot affected since Apache log4net is not used in AXIS OS.

CVE 2017

CVE numberAffectedResult and information
CVE-2017-9833NoThe affected 3rd party component /cgi-bin/wapopen is not used in Axis products below version 5.70 that utilize the BOA webserver. Furthermore, input validation in our APIs are used which would prevent injections. Axis products with 5.70 and higher utilize the Apache webserver where these vulnerabilities do not apply as the BOA webserver has been removed.
CVE-2017-5754  No
CVE-2017-5753  YesAxis has delivered patches to the affected products.
CVE-2017-5715  YesAxis has delivered patches to the affected products.

CVE 2016

CVE numberAffectedResult and information
CVE-2016-20009  No
CVE-2016-8863  YesAxis has delivered patches to the affected products.
CVE-2016-7409  No
CVE-2016-7408  No
CVE-2016-7407  No
CVE-2016-7406  No
CVE-2016-6255  YesAxis has delivered patches to the affected products.
CVE-2016-2183  YesThe vulnerability has been patched on the active track and the LTS tracks.
CVE-2016-2147  YesAxis has delivered patches to the affected products.
CVE-2016-2148  YesAxis has delivered patches to the affected products.

CVE 2015

CVE numberAffectedResult and information
CVE-2015-7547  YesAxis has delivered patches to the affected products.
CVE-2015-0235  YesAxis has delivered patches to the affected products.
CVE-2015-0204No

CVE 2014-1999

CVE numberAffectedResult and information
CVE-2014-6271  No
CVE-2014-3566  YesAxis has delivered patches to the affected products.
CVE-2014-0224  YesAxis has delivered patches to the affected products.
CVE-2014-0160  No
CVE-2013-0156NoAXIS OS devices do not use Ruby on Rails.
CVE-2011-3389No
CVE-2009-1955  No
CVE-2007-6750  No
CVE-2007-6514  No
CVE-2006-20001No AXIS OS devices do not use the mod_dav module.
CVE-2005-1797  No
CVE-2005-0088  No
CVE-2002-20001YesThis is a known limitation of asymmetric cryptography and is not considered relevant by Axis since the web server in Axis devices supports only 20 concurrent connections at a time, which renders the attack vector ineffective. It’s recommended to use symmetric cryptography instead when connecting to Axis devices.
CVE-2002-0185  No
CVE-1999-1412  No
CVE-1999-1237  No

Axis

The Axis registry covers vulnerabilities that are specific to Axis products and AXIS OS components. Axis strongly recommends to patch affected devices.

Axis CVE 2023

CVE numberResult and information
CVE-2023-21412The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21411The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21410The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21409The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21408The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21407The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2023-21406The vulnerability has been patched to the affected application. See Axis Security Advisory for more information.
CVE-2023-21405The vulnerability has been patched to the affected application. See Axis Security Advisory for more information.
CVE-2023-21404The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.

Axis CVE 2022-2021

CVE numberResult and information
CVE-2022-23410The vulnerability has been patched to the affected application. See Axis Security Advisory for more information.
CVE-2021-31989The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2021-31988The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2021-31987The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2021-31986The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.

Axis CVE 2018

CVE numberResult and information
CVE-2018-10664The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10663The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10662The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10661The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10660The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10659The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-10658The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2018-9158 The vulnerability has been patched to the affected products.
CVE-2018-9157Disputed. This is an intended feature/functionality.
CVE-2018-9156Disputed. This is an intended feature/functionality.

Axis CVE 2017

CVE numberResult and information
CVE-2017-20050This CVE has been rejected as we are lacking information on how to reproduce this vulnerability.
CVE-2017-20049The vulnerability has been patched to the affected products, see Axis Security Advisory for more information.
CVE-2017-20048This CVE has been rejected as it is out-of-scope in accordance with our vulnerability management policy.
CVE-2017-20047This CVE has been rejected as it is out-of-scope in accordance with our vulnerability management policy.
CVE-2017-20046This CVE has been rejected as it is out-of-scope in accordance with our vulnerability management policy
CVE-2017-15885The vulnerability has been patched to the affected products.
CVE-2017-12413The vulnerability has been patched to the affected products.

Axis CVE 2016-2013

CVE numberResult and information
CVE-2016-AXIS-0812The vulnerability has been patched to the affected products.
CVE-2015-8258The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2015-8257The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2015-8256The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2015-8255The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
CVE-2013-3543The vulnerability has been patched to affected AMC (AXIS Media Control) in AMC 6.3.8.0.

Axis CVE 2008-2000

CVE numberResult and information
CVE-2008-5260The vulnerability has been patched to the affected products.
CVE-2007-5214The vulnerability has been patched to the affected products.
CVE-2007-5213The vulnerability has been patched to the affected products.
CVE-2007-5212The vulnerability has been patched to the affected products.
CVE-2007-4930The vulnerability has been patched to the affected products.
CVE-2007-4929The vulnerability has been patched to the affected products.
CVE-2007-4928The vulnerability has been patched to the affected products.
CVE-2007-4927The vulnerability has been patched to the affected products.
CVE-2007-4926The vulnerability has been patched to the affected products.
CVE-2007-2239The vulnerability has been patched to the affected products.
CVE-2004-2427The vulnerability has been patched to the affected products.
CVE-2004-2426The vulnerability has been patched to the affected products.
CVE-2004-2425The vulnerability has been patched to the affected products.
CVE-2004-0789 The vulnerability has been patched to the affected products.
CVE-2003-1386The vulnerability has been patched to the affected products.
CVE-2003-0240The vulnerability has been patched to the affected products.
CVE-2001-1543The vulnerability has been patched to the affected products.
CVE-2000-0191The vulnerability has been patched to the affected products.
CVE-2000-0144The vulnerability has been patched to the affected products.

ACV

CVE numberResult and information
ACV-2020-100004The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
ACV-165813The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
ACV-147453The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
ACV-128401The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
ACV-120444The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.
ACV-116267The vulnerability has been patched to the affected products. See Axis Security Advisory for more information.

Other

This section covers vulnerabilities that are not classified as CVEs but have been investigated by Axis.

TitleDetails
ONVIF / WS Discovery DDoS AttacksStatement for ONVIF-capable devices vulnerable for DDoS exploit.
Cross-Site Request Forgery (CSRF)

Statement for Cross-Site Request Forgery in Axis products.