CVE-2023-21414

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-21414
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf Vendor Advisory
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
OR cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-10-16 07:15

Updated : 2024-11-21 07:42

NVD link : CVE-2023-21414

Mitre link : CVE-2023-21414

CVE.ORG link : CVE-2023-21414

JSON object : View

Products Affected

axis

  • p3267-lv
  • m3216
  • m4327-p
  • p3268-lv
  • p3265-lv
  • p3265-lve
  • q3536-lve
  • q1961-te
  • p1468-le
  • p3827-pve
  • m3215
  • a8207-ve_mk_ii
  • xfq1656
  • m4328-p
  • p3268-lve
  • p4705-plve
  • q3538-lve
  • q1656-b
  • q1656-dle
  • q1656
  • axis_os
  • q1656-ble
  • q3628-ve
  • m4318-plve
  • q2101-te
  • p3265-v
  • q3527-lve
  • q1656-le
  • p1467-le
  • p3267-lve
  • p1468-xle
  • p4707-plve
  • q1656-be
  • m4317-plve
  • q3626-ve
CWE
CWE-121

Stack-based Buffer Overflow

NVD-CWE-noinfo