A critical vulnerability has been identified in AxxonSoft Axxon One, stemming from a vulnerable third-party component within its PostgreSQL backend. This flaw allows a remote, unauthenticated attacker to escalate privileges and execute arbitrary code, potentially leading to a complete compromise of the affected video management system and the underlying server. Due to the critical severity (CVSS 9.8), immediate remediation is required to prevent system takeover and data breaches.

The vulnerability, classified as CWE-1395 (Dependency on Vulnerable Third-Party Component), exists in the PostgreSQL backend used by AxxonSoft Axxon One. The software incorporates a version of PostgreSQL that contains a known, critical vulnerability. A remote attacker can exploit this underlying flaw in the database component to escalate privileges and achieve remote code execution on the server hosting the Axxon One software, without requiring prior authentication.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the Axxon One video management system. The potential business impact includes the theft of sensitive video surveillance data, manipulation or deletion of recordings, and disabling of security monitoring capabilities. Furthermore, an attacker could use the compromised server as a foothold to pivot and launch further attacks against the internal corporate network, significantly escalating the scope and impact of the breach.

Immediate Action: Apply the vendor-supplied security updates to all AxxonSoft Axxon One installations immediately to upgrade the vulnerable PostgreSQL component to a patched version. After patching, review system and database access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Monitor network traffic for unusual connections to the PostgreSQL database port (typically TCP 5432) from untrusted sources. Scrutinize Axxon One application logs and server system logs for unexpected processes, errors, or privilege escalation events. Implement alerts for high-volume or malformed database queries that could indicate an exploitation attempt.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to restrict access to the PostgreSQL port from all but the necessary application servers. Deploy an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking known PostgreSQL exploits. Ensure host-based security solutions are enabled and configured to detect anomalous process execution on the server.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability represents a severe and immediate risk to the organization. We strongly recommend that all affected AxxonSoft Axxon One systems be patched on an emergency basis. Although this CVE is not currently listed on the CISA KEV catalog, its high severity and the potential for complete system compromise make it a high-priority target for threat actors. Prioritize the deployment of vendor patches to prevent a potentially devastating security incident.