CVE-2023-21414

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-21414
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
OR cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*
History

20 Oct 2023, 18:31

Type Values Removed Values Added
References (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - (MISC) https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf - Vendor Advisory
CPE cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
CWE NVD-CWE-noinfo
First Time Axis p1468-xle
Axis m4317-plve
Axis q3628-ve
Axis p4705-plve
Axis m3216
Axis xfq1656
Axis q1656-b
Axis p3267-lve
Axis p3268-lv
Axis q1656-le
Axis m4328-p
Axis q1656-be
Axis p3265-v
Axis p3265-lv
Axis a8207-ve Mk Ii
Axis p3267-lv
Axis p1468-le
Axis q1656-ble
Axis p3265-lve
Axis p1467-le
Axis q3626-ve
Axis m3215
Axis q1656
Axis p4707-plve
Axis p3827-pve
Axis q3538-lve
Axis
Axis q3536-lve
Axis p3268-lve
Axis q3527-lve
Axis q2101-te
Axis q1961-te
Axis m4318-plve
Axis axis Os
Axis m4327-p
Axis q1656-dle

16 Oct 2023, 11:58

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-16 07:15

Updated : 2024-11-08 09:15

NVD link : CVE-2023-21414

Mitre link : CVE-2023-21414

JSON object : View

Products Affected

axis

  • p3265-lv
  • m4327-p
  • axis_os
  • q1656-dle
  • q1656-b
  • m4318-plve
  • m4328-p
  • p4705-plve
  • p3265-v
  • p1468-xle
  • m3215
  • xfq1656
  • a8207-ve_mk_ii
  • q3538-lve
  • p3267-lv
  • p3827-pve
  • q1656-ble
  • q1656-be
  • p1467-le
  • p3268-lve
  • q1656
  • p3268-lv
  • m3216
  • p3267-lve
  • q1961-te
  • q3536-lve
  • q3626-ve
  • q1656-le
  • q2101-te
  • p3265-lve
  • m4317-plve
  • q3628-ve
  • p4707-plve
  • p1468-le
  • q3527-lve
CWE
NVD-CWE-noinfo