CVE-2023-21404

EPSS 0.12%
Published 08.05.2023 21:15:10
Last modified 29.01.2025 17:15:22
Source product-security@axis.com
Teams watchlist Login
Open Login

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Axis ≫ Axis Os SwEdition- Version >= 11.0.89 < 11.4.52

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.27

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-21404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21404

EUVD