Vulnerability in Secure Boot of AXIS OS by Axis Communications
CVE-2023-21414

6.8 MEDIUM

Key Information:

Vendor
CVE Published: 16 October 2023

What is CVE-2023-21414?

A vulnerability has been identified in the Secure Boot implementation of AXIS OS, which could allow sophisticated attackers to bypass device tampering protections. Discovered during an annual penetration test by NCC Group, this flaw necessitates immediate attention from users and administrators of Axis devices. Axis Communications has released patched versions of AXIS OS to address this issue. Users are encouraged to review Axis's security advisory for detailed information and guidance on updating their affected products.

Affected Version(s)

AXIS A8207-VE Mk II: AXIS OS 11.5 or earlier

AXIS OS ARTPEC 8: AXIS OS 10.11 - 11.5

AXIS Q3527-LVE: AXIS OS 10.11 - 11.5

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved