{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"AXIS IP Utility","vendor":"Axis Communications AB","versions":[{"status":"affected","version":"All version prior to 4.18.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.</p>"}],"value":"AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427 Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f2daf9a0-02c2-4b83-a01d-63b3b304b807","shortName":"Axis","dateUpdated":"2024-11-08T08:21:37.447Z"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"product-security@axis.com","ID":"CVE-2022-23410","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"All version prior to 4.18.0"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote code execution and local privilege escalation by the means of DLL hijacking"}]}]},"references":{"reference_data":[{"name":"https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf","refsource":"MISC","url":"https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:43:46.003Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf"}]}]},"cveMetadata":{"assignerOrgId":"f2daf9a0-02c2-4b83-a01d-63b3b304b807","assignerShortName":"Axis","cveId":"CVE-2022-23410","datePublished":"2022-02-14T21:04:28.000Z","dateReserved":"2022-01-18T00:00:00.000Z","dateUpdated":"2024-11-08T08:21:37.447Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}