CVE-2023-21414

Summary

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected Software

VendorProductVersion RangeStatus
Axis Communications ABAXIS OSAXIS OS 10.11 - 11.5affected
Axis Communications ABAXIS A8207-VE Mk IIAXIS OS 11.5 or earlieraffected
Axis Communications ABAXIS Q3527-LVEAXIS OS 10.11 - 11.5affected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References