2 vulnerabilities found for AXIS A8207-VE Mk II by Axis Communications AB (both entries are the same CVE, CVE-2023-21414, listed once from nvd and once from cvelistv5)
CVE-2023-21414 (GCVE-0-2023-21414)
Vulnerability from nvd – Published: 2023-10-16 06:18 – Updated: 2024-11-08 08:32
VLAI
Summary
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
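6 products — the first three rows are the vendor's (CNA) entries; the last three are the CISA ADP entries, which carry CPEs. The two sources disagree on the upper bound for the AXIS A8207-VE Mk II: the CNA row says "AXIS OS 11.5 or earlier", while the ADP row says "< 11.5". Check the Axis security advisory before treating 11.5 as unaffected.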
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
AXIS OS 10.11 - 11.5
|
|
| Axis Communications AB | AXIS A8207-VE Mk II |
Affected:
AXIS OS 11.5 or earlier
|
|
| Axis Communications AB | AXIS Q3527-LVE |
Affected:
AXIS OS 10.11 - 11.5
|
|
| axis | axis_os |
Affected:
10.11 , ≤ 11.5
(custom)
cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:* |
|
| axis | a8207-ve_mk_ii |
Affected:
0 , < 11.5
(custom)
cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:* |
|
| axis | q3527-lve |
Affected:
10.11 , ≤ 11.5
(custom)
cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "axis_os",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a8207-ve_mk_ii",
"vendor": "axis",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "q3527-lve",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:32:46.140128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:42:45.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ARTPEC 8"
],
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS A8207-VE Mk II",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 11.5 or earlier"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Q3527-LVE",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:32:47.057Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2023-21414",
"datePublished": "2023-10-16T06:18:06.428Z",
"dateReserved": "2022-11-04T18:30:01.767Z",
"dateUpdated": "2024-11-08T08:32:47.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21414 (GCVE-0-2023-21414)
Vulnerability from cvelistv5 – Published: 2023-10-16 06:18 – Updated: 2024-11-08 08:32
VLAI
Summary
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
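6 products — the first three rows are the vendor's (CNA) entries; the last three are the CISA ADP entries, which carry CPEs. The two sources disagree on the upper bound for the AXIS A8207-VE Mk II: the CNA row says "AXIS OS 11.5 or earlier", while the ADP row says "< 11.5". Check the Axis security advisory before treating 11.5 as unaffected.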
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
AXIS OS 10.11 - 11.5
|
|
| Axis Communications AB | AXIS A8207-VE Mk II |
Affected:
AXIS OS 11.5 or earlier
|
|
| Axis Communications AB | AXIS Q3527-LVE |
Affected:
AXIS OS 10.11 - 11.5
|
|
| axis | axis_os |
Affected:
10.11 , ≤ 11.5
(custom)
cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:* |
|
| axis | a8207-ve_mk_ii |
Affected:
0 , < 11.5
(custom)
cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:* |
|
| axis | q3527-lve |
Affected:
10.11 , ≤ 11.5
(custom)
cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "axis_os",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a8207-ve_mk_ii",
"vendor": "axis",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "q3527-lve",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:32:46.140128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:42:45.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ARTPEC 8"
],
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS A8207-VE Mk II",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 11.5 or earlier"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Q3527-LVE",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:32:47.057Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2023-21414",
"datePublished": "2023-10-16T06:18:06.428Z",
"dateReserved": "2022-11-04T18:30:01.767Z",
"dateUpdated": "2024-11-08T08:32:47.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}