AXIS OS Vulnerability: A New Threat to Secure Boot
CVE-2024-7784

6.1MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 10 September 2024

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2024-7784?

A vulnerability has been identified in the Secure Boot mechanism of Axis OS, which ensures the integrity of the device during startup. This flaw could allow an attacker to bypass the tamper protection features, potentially affecting the security posture of devices utilizing the affected OS versions. Axis Communications has acknowledged the issue and has released patched versions of Axis OS to remedy the situation. Users are encouraged to upgrade to the latest versions as outlined in the Axis security advisory to mitigate risks associated with this vulnerability.

Affected Version(s)

AXIS OS ARTPEC 8 10.9.0 < 10.12.246

AXIS OS ARTPEC 8 11.0.0 < 11.11.80

AXIS OS ARTPEC 8 12.0.0 < 12.0.40

References

https://www.axis.com/dam/public/ba/5f/4e/cve-2024-7784-en...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 14, 2024