NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
| Link | Resource |
|---|---|
| https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf | Vendor Advisory |
| https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
21 Nov 2024, 07:42
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| References | () https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory |
08 Nov 2024, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-121 |
20 Oct 2023, 18:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
| CWE | NVD-CWE-noinfo | |
| First Time |
Axis p3267-lve
Axis q3527-lve Axis q3626-ve Axis m4317-plve Axis q3628-ve Axis m4328-p Axis p1468-le Axis p3267-lv Axis q1656-b Axis q1656-dle Axis p3827-pve Axis xfq1656 Axis p1468-xle Axis q3538-lve Axis p4705-plve Axis m3216 Axis p3268-lv Axis axis Os Axis p4707-plve Axis Axis q2101-te Axis q3536-lve Axis a8207-ve Mk Ii Axis p3265-lve Axis p3265-v Axis p3265-lv Axis m4318-plve Axis p1467-le Axis q1656-be Axis q1656 Axis p3268-lve Axis q1656-ble Axis m3215 Axis q1656-le Axis m4327-p Axis q1961-te |
|
| CPE | cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:* cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:* cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:* cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:* cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:* cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:* cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:* |
16 Oct 2023, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-16 07:15
Updated : 2024-11-21 07:42
NVD link : CVE-2023-21414
Mitre link : CVE-2023-21414
CVE.ORG link : CVE-2023-21414
JSON object : View
Products Affected
axis
- q3527-lve
- p3265-lv
- q3538-lve
- p3265-v
- q1656
- q3626-ve
- q1961-te
- m4317-plve
- m3216
- q3536-lve
- p3827-pve
- p4707-plve
- p3267-lv
- m4327-p
- p1468-le
- m3215
- q1656-b
- q1656-le
- p3265-lve
- q2101-te
- m4328-p
- p1467-le
- p3267-lve
- a8207-ve_mk_ii
- q1656-be
- axis_os
- p3268-lv
- q1656-dle
- p1468-xle
- xfq1656
- p3268-lve
- m4318-plve
- p4705-plve
- q3628-ve
- q1656-ble
CWE