CVE-2023-21413: Command Injection
First published: Mon Oct 16 2023(Updated: )
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Credit: product-security@axis.com product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axis Axis Os | >=10.5.0<10.12.199 | |
| Axis Axis Os | >=11.0.89<11.6.94 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2023-21413.
What is the severity of CVE-2023-21413?
The severity of CVE-2023-21413 is critical.
What is the affected software?
The affected software is Axis Axis OS, with versions between 10.5.0 and 10.12.199 LTS, and versions between 11.0.89 and 11.6.94 Active.
How does CVE-2023-21413 allow for remote code execution?
CVE-2023-21413 allows for remote code execution during the installation of ACAP applications on the Axis device by exploiting a command injection vulnerability in the application handling service in AXIS OS.
Has Axis released a fix for CVE-2023-21413?
Yes, Axis has released a fix for CVE-2023-21413.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/axis
- canonical/axis axis os
- version/axis axis os/10.5.0
- version/axis axis os/11.0.89