CVE-2023-21404

CWE-321CWE-3113 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 62.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Axis Axis OSAxis Communications AB Axis OS
Timeline
PublishedMay 8

Description

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5axis_communications_ab/axis_osAXIS OS 11.0.X - 11.3.x
NVDaxis/axis_os11.0.8911.4.52

🔴Vulnerability Details

2
GHSA
GHSA-cv37-j7vw-c2gc: AXIS OS 112023-05-08
CVEList
CVE-2023-21404: AXIS OS 112023-05-08
CVE-2023-21404 (MEDIUM CVSS 5.3) | AXIS OS 11.0.X - 11.3.x use a stati | cvebase.io