Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Published

2023-10-16T07:15:08.680

Last Modified

2024-11-21T07:42:48.913

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System axis axis_os < 10.12.206 Yes
Operating System axis axis_os < 11.6.94 Yes
Hardware axis m3215 - No
Hardware axis m3216 - No
Hardware axis m4317-plve - No
Hardware axis m4318-plve - No
Hardware axis m4327-p - No
Hardware axis m4328-p - No
Hardware axis p1467-le - No
Hardware axis p1468-le - No
Hardware axis p1468-xle - No
Hardware axis p3265-lv - No
Hardware axis p3265-lve - No
Hardware axis p3265-v - No
Hardware axis p3267-lv - No
Hardware axis p3267-lve - No
Hardware axis p3268-lv - No
Hardware axis p3268-lve - No
Hardware axis p3827-pve - No
Hardware axis p4705-plve - No
Hardware axis p4707-plve - No
Hardware axis q1656 - No
Hardware axis q1656-b - No
Hardware axis q1656-be - No
Hardware axis q1656-ble - No
Hardware axis q1656-dle - No
Hardware axis q1656-le - No
Hardware axis q1961-te - No
Hardware axis q2101-te - No
Hardware axis q3536-lve - No
Hardware axis q3538-lve - No
Hardware axis q3626-ve - No
Hardware axis q3628-ve - No
Hardware axis xfq1656 - No
Operating System axis axis_os < 11.6.94 Yes
Hardware axis a8207-ve_mk_ii - No
Operating System axis axis_os < 10.12.206 Yes
Operating System axis axis_os < 11.6.94 Yes
Hardware axis q3527-lve - No
References