CVE-2023-21414
published 2023-10-16CVE-2023-21414: NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as…
medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | < 11.6.94 | 11.6.94 |
| axis | axis_os | >= 10.11.55 < 10.12.206 | 10.12.206 |
| axis | axis_os | >= 11.0.89 < 11.6.94 | 11.6.94 |
| axis_communications_ab | axis_a8207-ve_mk_ii | — | — |
| axis_communications_ab | axis_os | — | — |
| axis_communications_ab | axis_q3527-lve | — | — |