7.1

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Data is provided by the National Vulnerability Database (NVD)
Axis Axis Os Version >= 10.11.55 < 10.12.206
   Axis M3215 Version -
   Axis M3216 Version -
   Axis M4317-plve Version -
   Axis M4318-plve Version -
   Axis M4327-p Version -
   Axis M4328-p Version -
   Axis P1467-le Version -
   Axis P1468-le Version -
   Axis P1468-xle Version -
   Axis P3265-lv Version -
   Axis P3265-lve Version -
   Axis P3265-v Version -
   Axis P3267-lv Version -
   Axis P3267-lve Version -
   Axis P3268-lv Version -
   Axis P3268-lve Version -
   Axis P3827-pve Version -
   Axis P4705-plve Version -
   Axis P4707-plve Version -
   Axis Q1656 Version -
   Axis Q1656-b Version -
   Axis Q1656-be Version -
   Axis Q1656-ble Version -
   Axis Q1656-dle Version -
   Axis Q1656-le Version -
   Axis Q1961-te Version -
   Axis Q2101-te Version -
   Axis Q3536-lve Version -
   Axis Q3538-lve Version -
   Axis Q3626-ve Version -
   Axis Q3628-ve Version -
   Axis Xfq1656 Version -
Axis Axis Os SwEdition active Version >= 11.0.89 < 11.6.94
   Axis M3215 Version -
   Axis M3216 Version -
   Axis M4317-plve Version -
   Axis M4318-plve Version -
   Axis M4327-p Version -
   Axis M4328-p Version -
   Axis P1467-le Version -
   Axis P1468-le Version -
   Axis P1468-xle Version -
   Axis P3265-lv Version -
   Axis P3265-lve Version -
   Axis P3265-v Version -
   Axis P3267-lv Version -
   Axis P3267-lve Version -
   Axis P3268-lv Version -
   Axis P3268-lve Version -
   Axis P3827-pve Version -
   Axis P4705-plve Version -
   Axis P4707-plve Version -
   Axis Q1656 Version -
   Axis Q1656-b Version -
   Axis Q1656-be Version -
   Axis Q1656-ble Version -
   Axis Q1656-dle Version -
   Axis Q1656-le Version -
   Axis Q1961-te Version -
   Axis Q2101-te Version -
   Axis Q3536-lve Version -
   Axis Q3538-lve Version -
   Axis Q3626-ve Version -
   Axis Q3628-ve Version -
   Axis Xfq1656 Version -
Axis Axis Os SwEdition active Version < 11.6.94
   Axis A8207-ve Mk Ii Version -
Axis Axis Os Version >= 10.11.55 < 10.12.206
   Axis Q3527-lve Version -
Axis Axis Os SwEdition active Version >= 11.0.89 < 11.6.94
   Axis Q3527-lve Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.01% | 0.007

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@axis.com | 7.1 | 0.5 | 6 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).