Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-21414
PUBLISHED
More InfoOfficial Page
Assigner-Axis
Assigner Org ID-f2daf9a0-02c2-4b83-a01d-63b3b304b807
View Known Exploited Vulnerability (KEV) details
Published At-16 Oct, 2023 | 06:18
Updated At-08 Nov, 2024 | 08:32
Rejected At-
▼CVE Numbering Authority (CNA)

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected Products
Vendor
Axis Communications AB
Product
AXIS OS
Platforms
  • ARTPEC 8
Default Status
unaffected
Versions
Affected
  • AXIS OS 10.11 - 11.5
Vendor
Axis Communications AB
Product
AXIS A8207-VE Mk II
Default Status
unaffected
Versions
Affected
  • AXIS OS 11.5 or earlier
Vendor
Axis Communications AB
Product
AXIS Q3527-LVE
Default Status
unaffected
Versions
Affected
  • AXIS OS 10.11 - 11.5
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf
N/A
Hyperlink: https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf
x_transferred
Hyperlink: https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
axis
Product
axis_os
CPEs
  • cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*
Default Status
unknown
Versions
Affected
  • From 10.11 through 11.5 (custom)
Vendor
axis
Product
a8207-ve_mk_ii
CPEs
  • cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 11.5 (custom)
Vendor
axis
Product
q3527-lve
CPEs
  • cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 10.11 through 11.5 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found