Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-21414

Опубликовано: 16 окт. 2023
Источник: nvd
CVSS3: 7.1
CVSS3: 6.8
EPSS Низкий

Описание

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
Версия от 10.11.55 (включая) до 10.12.206 (исключая)
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия от 11.0.89 (включая) до 11.6.94 (исключая)

Одно из

cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия до 11.6.94 (исключая)
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
Версия от 10.11.55 (включая) до 10.12.206 (исключая)
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия от 11.0.89 (включая) до 11.6.94 (исключая)
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00012
Низкий

7.1 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-121
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-q9v9-cm52-vqj5

CVSS3: 7.1
github
больше 2 лет назад

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

EPSS

Процентиль: 1%
0.00012
Низкий

7.1 High

CVSS3

6.8 Medium

CVSS3

Дефекты

CWE-121
NVD-CWE-noinfo