CVE-2023-21414

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 98.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Axis Axis OSAxis Communications AB Axis A8207-ve MK IIAxis Communications AB Axis OS+1 more
Timeline
PublishedOct 16

Description

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.5 | Impact: 6.0

Affected Packages4 packages

CVEListV5axis_communications_ab/axis_osAXIS OS 10.11 - 11.5
CVEListV5axis_communications_ab/axis_q3527-lveAXIS OS 10.11 - 11.5
CVEListV5axis_communications_ab/axis_a8207-ve_mk_iiAXIS OS 11.5 or earlier
NVDaxis/axis_os10.11.5510.12.206+2

🔴Vulnerability Details

2
CVEList
CVE-2023-21414: NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications2023-10-16
GHSA
GHSA-q9v9-cm52-vqj5: NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications2023-10-16
CVE-2023-21414 (MEDIUM CVSS 6.8) | NCC Group has found a flaw during t | cvebase.io