Privilege escalation in AXIS License Plate Verifier ACAP
CVE-2023-21407

8.8HIGH

Key Information:

Vendor: Axis Communications Ab
Status: Axis License Plate Verifier
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-21407?

A vulnerability was identified that allows for broken access control, enabling an attacker to escalate privileges from an operator account to an administrator account in Axis Communications products. This weakness could lead to unauthorized access and control over critical functionalities within the affected systems, raising significant security concerns for users and organizations relying on these devices.

Affected Version(s)

AXIS License Plate Verifier 2.8.3 or earlier

References

https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Nov 4, 2022

Axis Communications Ab

What is CVE-2023-21407?

Affected Version(s)

References

CVSS V3.1

Timeline