CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Published: Oct 16, 2023
Updated: Oct 21, 2023
CVE: CVE-2023-21414
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
axis / axis_os	10.11.55	10.12.206
axis / axis_os	11.0.89	11.6.94
axis / axis_os	-	11.6.94

https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf

Vulnerability Database

290,300

CVE-2023-21414