Non-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate Verifier
CVE-2023-21411

8.8HIGH

Key Information:

Vendor: Axis Communications Ab
Status: Axis License Plate Verifier
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-21411?

An input sanitization vulnerability exists in the 'Settings > Access Control' configuration interface of Axis products. This flaw allows users to exploit the system by executing arbitrary code, posing significant security risks. Organizations relying on affected Axis software should review their configurations and apply necessary updates to mitigate potential attacks.

Affected Version(s)

AXIS License Plate Verifier 2.8.3 or earlier

References

https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Nov 4, 2022

Axis Communications Ab

What is CVE-2023-21411?

Affected Version(s)

References

CVSS V3.1

Timeline