CVE-2023-21414

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-21414
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf Vendor Advisory
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
OR cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 7.1
References () https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory () https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory

08 Nov 2024, 09:15

Type Values Removed Values Added
CWE CWE-121

20 Oct 2023, 18:31

Type Values Removed Values Added
References (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
CWE NVD-CWE-noinfo
First Time Axis p3267-lve
Axis q3527-lve
Axis q3626-ve
Axis m4317-plve
Axis q3628-ve
Axis m4328-p
Axis p1468-le
Axis p3267-lv
Axis q1656-b
Axis q1656-dle
Axis p3827-pve
Axis xfq1656
Axis p1468-xle
Axis q3538-lve
Axis p4705-plve
Axis m3216
Axis p3268-lv
Axis axis Os
Axis p4707-plve
Axis
Axis q2101-te
Axis q3536-lve
Axis a8207-ve Mk Ii
Axis p3265-lve
Axis p3265-v
Axis p3265-lv
Axis m4318-plve
Axis p1467-le
Axis q1656-be
Axis q1656
Axis p3268-lve
Axis q1656-ble
Axis m3215
Axis q1656-le
Axis m4327-p
Axis q1961-te
CPE cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*

16 Oct 2023, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-16 07:15

Updated : 2024-11-21 07:42

NVD link : CVE-2023-21414

Mitre link : CVE-2023-21414

CVE.ORG link : CVE-2023-21414

JSON object : View

Products Affected

axis

  • p3265-lv
  • q1656
  • p3268-lve
  • p3267-lv
  • p3267-lve
  • m4317-plve
  • p1468-le
  • m4328-p
  • q1656-dle
  • p3265-lve
  • q1656-le
  • m3216
  • axis_os
  • m3215
  • p1468-xle
  • q2101-te
  • q1656-ble
  • xfq1656
  • q3538-lve
  • q1656-b
  • a8207-ve_mk_ii
  • m4318-plve
  • q1656-be
  • p4707-plve
  • p1467-le
  • p3268-lv
  • q3628-ve
  • q3536-lve
  • p4705-plve
  • q3527-lve
  • q1961-te
  • q3626-ve
  • p3827-pve
  • p3265-v
  • m4327-p
CWE
CWE-121

Stack-based Buffer Overflow

NVD-CWE-noinfo