CVE-2023-21404

EPSS 0.1%
Veröffentlicht 08.05.2023 21:15:10
Zuletzt bearbeitet 29.01.2025 17:15:22
Quelle product-security@axis.com
CVE-Watchlists
Login
Unerledigt
Login

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axis ≫ Axis Os SwEdition- Version >= 11.0.89 < 11.4.52

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.267

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-21404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21404

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-21404