CVE-2023-5553: Incorrect Authorization in OS

Severity
6.8 MEDIUM (NVD)
CNA 7.6
EPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 21

Description

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (3 packages)

NVD | axis/axis_os | 10.8 11.7.57
NVD | axis/axis_os_2022 | < 10.12.213
CVEListV5 | axis_communications_ab/axis_os | AXIS OS 10.8 - 11.6

🔴Vulnerability Details

2
CVEList
CVE-2023-5553: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Se... 2023-11-21
GHSA
GHSA-v5cr-hwcx-r95m: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Se... 2023-11-21

💥Exploits & PoCs

1
Exploit-DB
TP-Link Archer AX21 - Unauthenticated Command Injection (2023-08-10)
CVE-2023-5553 — Incorrect Authorization in Axis OS | cvebase