CVE-2023-21414
First published: Mon Oct 16 2023(Updated: )
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Credit: product-security@axis.com product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axis Axis Os | >=10.11.55<10.12.206 | |
| Axis Axis Os | >=11.0.89<11.6.94 | |
| Axis M3215 | ||
| Axis M3216 | ||
| Axis M4317-plve | ||
| Axis M4318-plve | ||
| Axis M4327-p | ||
| Axis M4328-p | ||
| Axis P1467-le | ||
| Axis P1468-le | ||
| Axis P1468-xle | ||
| Axis P3265-lv | ||
| Axis P3265-lve | ||
| Axis P3265-v | ||
| Axis P3267-lv | ||
| Axis P3267-lve | ||
| Axis P3268-lv | ||
| Axis P3268-lve | ||
| Axis P3827-pve | ||
| Axis P4705-plve | ||
| Axis P4707-plve | ||
| Axis Q1656 | ||
| Axis Q1656-b | ||
| Axis Q1656-be | ||
| Axis Q1656-ble | ||
| Axis Q1656-dle | ||
| Axis Q1656-le | ||
| Axis Q1961-te | ||
| Axis Q2101-te | ||
| Axis Q3536-lve | ||
| Axis Q3538-lve | ||
| Axis Q3626-ve | ||
| Axis Q3628-ve | ||
| Axis Xfq1656 | ||
| Axis Axis Os | <11.6.94 | |
| Axis A8207-ve Mk Ii | ||
| Axis Q3527-lve |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-21414?
CVE-2023-21414 is a vulnerability found during a penetration test conducted by NCC Group on Axis Communications' Secure Boot protection for device tampering which allows a sophisticated attack to bypass this protection.
Which software versions are affected by CVE-2023-21414?
CVE-2023-21414 affects Axis Axis OS versions 10.11.55 to 10.12.206 and 11.0.89 to 11.6.94.
How severe is CVE-2023-21414?
CVE-2023-21414 has a severity score of 6.8, which is considered high.
Has Axis released a patch for CVE-2023-21414?
Yes, Axis has released a patch for CVE-2023-21414. Please refer to their official website for more information.
Where can I find more information about CVE-2023-21414?
You can find more information about CVE-2023-21414 on Axis Communications' official website.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-api
- collector/nvd-index
- vendor/axis
- canonical/axis axis os
- version/axis axis os/10.11.55
- version/axis axis os/11.0.89
- canonical/axis m3215
- canonical/axis m3216
- canonical/axis m4317-plve
- canonical/axis m4318-plve
- canonical/axis m4327-p
- canonical/axis m4328-p
- canonical/axis p1467-le
- canonical/axis p1468-le
- canonical/axis p1468-xle
- canonical/axis p3265-lv
- canonical/axis p3265-lve
- canonical/axis p3265-v
- canonical/axis p3267-lv
- canonical/axis p3267-lve
- canonical/axis p3268-lv
- canonical/axis p3268-lve
- canonical/axis p3827-pve
- canonical/axis p4705-plve
- canonical/axis p4707-plve
- canonical/axis q1656
- canonical/axis q1656-b
- canonical/axis q1656-be
- canonical/axis q1656-ble
- canonical/axis q1656-dle
- canonical/axis q1656-le
- canonical/axis q1961-te
- canonical/axis q2101-te
- canonical/axis q3536-lve
- canonical/axis q3538-lve
- canonical/axis q3626-ve
- canonical/axis q3628-ve
- canonical/axis xfq1656
- canonical/axis a8207-ve mk ii
- canonical/axis q3527-lve