2023-10-16 08:00:28 +00:00
{
"id" : "CVE-2023-21414" ,
"sourceIdentifier" : "product-security@axis.com" ,
"published" : "2023-10-16T07:15:08.680" ,
2023-10-29 09:06:41 +00:00
"lastModified" : "2023-10-20T18:31:53.573" ,
"vulnStatus" : "Analyzed" ,
2023-10-16 08:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
2023-10-29 09:06:41 +00:00
} ,
{
"lang" : "es" ,
"value" : "NCC Group ha encontrado una falla durante la prueba de penetraci\u00f3n interna anual solicitada por Axis Communications. La protecci\u00f3n contra la manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) contiene una falla que brinda la oportunidad de que un ataque sofisticado eluda esta protecci\u00f3n. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
2023-10-16 08:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-10-29 09:06:41 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "PHYSICAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.8 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 0.9 ,
"impactScore" : 5.9
} ,
2023-10-16 08:00:28 +00:00
{
"source" : "product-security@axis.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" ,
"attackVector" : "PHYSICAL" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.1 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 0.5 ,
"impactScore" : 6.0
}
]
} ,
2023-10-29 09:06:41 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.11.55" ,
"versionEndExcluding" : "10.12.206" ,
"matchCriteriaId" : "A57EAA0B-F777-491D-8CA0-3946AE128F8A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*" ,
"versionStartIncluding" : "11.0.89" ,
"versionEndExcluding" : "11.6.94" ,
"matchCriteriaId" : "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CCF92600-C422-4EAD-9832-59940D509E35"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2FD56A2A-788C-4168-AFF8-403D0CDEB056"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF3E4C56-DF16-4954-BFAB-B877B417DC67"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CEBA6BAB-84F8-4990-9F69-D2164AA41413"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D2A8EB07-E3C5-4752-ACF1-42A34CF8481C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1CD842CE-5408-4DC3-8047-4E3A55B1253C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A678D824-2504-4C95-910D-3EE27F71278B"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "33BA6000-C024-4B45-8449-ADE57233B593"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6313E41C-6087-437D-9AE9-73A853EE4C48"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "52E2F23C-D61D-4A40-B9F9-7DE0740A743D"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E96AFC9-5D17-469E-A120-F8D25BA3D3A2"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4A761F9E-DDEB-43B5-BE2D-54B1BD3207DB"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4724987B-2077-4598-B179-ECAAD3646793"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "68DC7D03-7348-4641-8109-A610D8F586DF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E8457180-29F6-4742-A1C8-EFB3D511B6EC"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0B022EF0-E531-4F82-8E03-B46414555A9A"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E566446-B3C7-4D03-9FA5-D999C10183B0"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E0624855-756A-40A9-91BF-DE8C0EC355D6"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E10F52AE-C6D7-4E10-B496-18CCF617FB69"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "74D4E995-4C85-4E94-B18B-044C6D95490C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "68062F65-BAF1-45CC-8515-9747C6FDF42B"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9D52CD5-4E62-4B7F-81B1-7A37620BEABF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "985DA048-28F6-413D-A611-297993B178BE"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "76D5EF68-F3F3-4ABD-A139-D1823CE0F92C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D1129AC4-1953-4B50-90CC-50D2E4D9AB39"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BBDE1252-B9A9-4876-9BA3-5D1AFB5B2E72"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D5C9586E-9B12-4C45-9F89-A6116493D4DE"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "86575D32-774E-4611-87B3-5B3A3A4B59AA"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9EF429DC-1F90-4942-9A97-F93AEF866B0B"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "989BC60B-79F9-4650-AAA2-4787D6477B1C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0374F956-C9D1-4D9B-AEEA-4F1103EAA9CA"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C60CBB3A-0242-4AE7-909E-37EF99C6E136"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*" ,
"versionEndExcluding" : "11.6.94" ,
"matchCriteriaId" : "1F2CD512-C82D-454A-B322-BBD93EF7E85C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CB61500A-D634-436C-8BE9-00CEEC301B55"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "10.11.55" ,
"versionEndExcluding" : "10.12.206" ,
"matchCriteriaId" : "A57EAA0B-F777-491D-8CA0-3946AE128F8A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*" ,
"versionStartIncluding" : "11.0.89" ,
"versionEndExcluding" : "11.6.94" ,
"matchCriteriaId" : "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C7601D7-8413-49DF-AFCC-1C7851A1B41A"
}
]
}
]
}
] ,
2023-10-16 08:00:28 +00:00
"references" : [
{
"url" : "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf" ,
2023-10-29 09:06:41 +00:00
"source" : "product-security@axis.com" ,
"tags" : [
"Vendor Advisory"
]
2023-10-16 08:00:28 +00:00
}
]
}
