
    2 vulnerabilities found for AXIS A8207-VE Mk II by Axis Communications AB

    CVE-2023-21414 (GCVE-0-2023-21414)

    Vulnerability from nvd – Published: 2023-10-16 06:18 – Updated: 2024-11-08 08:32
    VLAI
    Summary
    NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Axis Communications AB AXIS OS Affected: AXIS OS 10.11 - 11.5
    Axis Communications AB AXIS A8207-VE Mk II Affected: AXIS OS 11.5 or earlier
    Axis Communications AB AXIS Q3527-LVE Affected: AXIS OS 10.11 - 11.5
    axis axis_os Affected: 10.11 , ≤ 11.5 (custom)
        cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*
    axis a8207-ve_mk_ii Affected: 0 , < 11.5 (custom)
        cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*
    axis q3527-lve Affected: 10.11 , ≤ 11.5 (custom)
        cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:36:34.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "axis_os",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThanOrEqual": "11.5",
                    "status": "affected",
                    "version": "10.11",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a8207-ve_mk_ii",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThan": "11.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "q3527-lve",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThanOrEqual": "11.5",
                    "status": "affected",
                    "version": "10.11",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21414",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T17:32:46.140128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T17:42:45.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ARTPEC 8"
              ],
              "product": "AXIS OS",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 10.11 - 11.5"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AXIS A8207-VE Mk II",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 11.5 or earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AXIS Q3527-LVE",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 10.11 - 11.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
                }
              ],
              "value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-08T08:32:47.057Z",
            "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
            "shortName": "Axis"
          },
          "references": [
            {
              "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "assignerShortName": "Axis",
        "cveId": "CVE-2023-21414",
        "datePublished": "2023-10-16T06:18:06.428Z",
        "dateReserved": "2022-11-04T18:30:01.767Z",
        "dateUpdated": "2024-11-08T08:32:47.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21414 (GCVE-0-2023-21414)

    Vulnerability from cvelistv5 – Published: 2023-10-16 06:18 – Updated: 2024-11-08 08:32
    VLAI
    Summary
    NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Axis Communications AB AXIS OS Affected: AXIS OS 10.11 - 11.5
    Axis Communications AB AXIS A8207-VE Mk II Affected: AXIS OS 11.5 or earlier
    Axis Communications AB AXIS Q3527-LVE Affected: AXIS OS 10.11 - 11.5
    axis axis_os Affected: 10.11 , ≤ 11.5 (custom)
        cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*
    axis a8207-ve_mk_ii Affected: 0 , < 11.5 (custom)
        cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*
    axis q3527-lve Affected: 10.11 , ≤ 11.5 (custom)
        cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:36:34.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "axis_os",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThanOrEqual": "11.5",
                    "status": "affected",
                    "version": "10.11",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "a8207-ve_mk_ii",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThan": "11.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "q3527-lve",
                "vendor": "axis",
                "versions": [
                  {
                    "lessThanOrEqual": "11.5",
                    "status": "affected",
                    "version": "10.11",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21414",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T17:32:46.140128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T17:42:45.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ARTPEC 8"
              ],
              "product": "AXIS OS",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 10.11 - 11.5"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AXIS A8207-VE Mk II",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 11.5 or earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AXIS Q3527-LVE",
              "vendor": "Axis Communications AB",
              "versions": [
                {
                  "status": "affected",
                  "version": "AXIS OS 10.11 - 11.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
                }
              ],
              "value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-08T08:32:47.057Z",
            "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
            "shortName": "Axis"
          },
          "references": [
            {
              "url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "assignerShortName": "Axis",
        "cveId": "CVE-2023-21414",
        "datePublished": "2023-10-16T06:18:06.428Z",
        "dateReserved": "2022-11-04T18:30:01.767Z",
        "dateUpdated": "2024-11-08T08:32:47.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }