NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
Link | Resource |
---|---|
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
20 Oct 2023, 18:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Axis p3265-v
Axis q1961-te Axis q1656-be Axis p1468-le Axis m4317-plve Axis m4318-plve Axis p3265-lve Axis p3267-lv Axis q2101-te Axis q1656-b Axis q3538-lve Axis q1656-ble Axis q1656-dle Axis p3267-lve Axis q3628-ve Axis p3827-pve Axis xfq1656 Axis q3536-lve Axis p1467-le Axis p3265-lv Axis axis Os Axis m4327-p Axis m4328-p Axis q1656-le Axis Axis q1656 Axis q3626-ve Axis p4705-plve Axis m3216 Axis a8207-ve Mk Ii Axis q3527-lve Axis p1468-xle Axis p3268-lve Axis m3215 Axis p3268-lv Axis p4707-plve |
|
CPE | cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:* cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:* cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:* cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory |
16 Oct 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 07:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-21414
Mitre link : CVE-2023-21414
CVE.ORG link : CVE-2023-21414
JSON object : View
Products Affected
axis
- m3216
- p4705-plve
- p1468-le
- q2101-te
- q1961-te
- q3527-lve
- p3267-lv
- q1656-b
- p3827-pve
- q1656-ble
- p3268-lve
- q1656-dle
- m4318-plve
- p1467-le
- q3628-ve
- q3626-ve
- q1656-le
- m4317-plve
- axis_os
- p3265-v
- q1656
- m4328-p
- m4327-p
- a8207-ve_mk_ii
- q3536-lve
- p3265-lve
- p3267-lve
- p3265-lv
- p3268-lv
- m3215
- p4707-plve
- q1656-be
- q3538-lve
- p1468-xle
- xfq1656
CWE