Vulnerabilites related to axis - q3536-lve
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 07:42
Severity ?
7.1 (High) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | axis_os | * | |
| axis | axis_os | * | |
| axis | m3215 | - | |
| axis | m3216 | - | |
| axis | m4317-plve | - | |
| axis | m4318-plve | - | |
| axis | m4327-p | - | |
| axis | m4328-p | - | |
| axis | p1467-le | - | |
| axis | p1468-le | - | |
| axis | p1468-xle | - | |
| axis | p3265-lv | - | |
| axis | p3265-lve | - | |
| axis | p3265-v | - | |
| axis | p3267-lv | - | |
| axis | p3267-lve | - | |
| axis | p3268-lv | - | |
| axis | p3268-lve | - | |
| axis | p3827-pve | - | |
| axis | p4705-plve | - | |
| axis | p4707-plve | - | |
| axis | q1656 | - | |
| axis | q1656-b | - | |
| axis | q1656-be | - | |
| axis | q1656-ble | - | |
| axis | q1656-dle | - | |
| axis | q1656-le | - | |
| axis | q1961-te | - | |
| axis | q2101-te | - | |
| axis | q3536-lve | - | |
| axis | q3538-lve | - | |
| axis | q3626-ve | - | |
| axis | q3628-ve | - | |
| axis | xfq1656 | - | |
| axis | axis_os | * | |
| axis | a8207-ve_mk_ii | - | |
| axis | axis_os | * | |
| axis | axis_os | * | |
| axis | q3527-lve | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A57EAA0B-F777-491D-8CA0-3946AE128F8A",
"versionEndExcluding": "10.12.206",
"versionStartIncluding": "10.11.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
"matchCriteriaId": "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648",
"versionEndExcluding": "11.6.94",
"versionStartIncluding": "11.0.89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF92600-C422-4EAD-9832-59940D509E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD56A2A-788C-4168-AFF8-403D0CDEB056",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E4C56-DF16-4954-BFAB-B877B417DC67",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA6BAB-84F8-4990-9F69-D2164AA41413",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A8EB07-E3C5-4752-ACF1-42A34CF8481C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD842CE-5408-4DC3-8047-4E3A55B1253C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A678D824-2504-4C95-910D-3EE27F71278B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA6000-C024-4B45-8449-ADE57233B593",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6313E41C-6087-437D-9AE9-73A853EE4C48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52E2F23C-D61D-4A40-B9F9-7DE0740A743D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E96AFC9-5D17-469E-A120-F8D25BA3D3A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A761F9E-DDEB-43B5-BE2D-54B1BD3207DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4724987B-2077-4598-B179-ECAAD3646793",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68DC7D03-7348-4641-8109-A610D8F586DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8457180-29F6-4742-A1C8-EFB3D511B6EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B022EF0-E531-4F82-8E03-B46414555A9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E566446-B3C7-4D03-9FA5-D999C10183B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0624855-756A-40A9-91BF-DE8C0EC355D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E10F52AE-C6D7-4E10-B496-18CCF617FB69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D4E995-4C85-4E94-B18B-044C6D95490C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68062F65-BAF1-45CC-8515-9747C6FDF42B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D52CD5-4E62-4B7F-81B1-7A37620BEABF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*",
"matchCriteriaId": "985DA048-28F6-413D-A611-297993B178BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76D5EF68-F3F3-4ABD-A139-D1823CE0F92C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1129AC4-1953-4B50-90CC-50D2E4D9AB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDE1252-B9A9-4876-9BA3-5D1AFB5B2E72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C9586E-9B12-4C45-9F89-A6116493D4DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86575D32-774E-4611-87B3-5B3A3A4B59AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF429DC-1F90-4942-9A97-F93AEF866B0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "989BC60B-79F9-4650-AAA2-4787D6477B1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0374F956-C9D1-4D9B-AEEA-4F1103EAA9CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C60CBB3A-0242-4AE7-909E-37EF99C6E136",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
"matchCriteriaId": "1F2CD512-C82D-454A-B322-BBD93EF7E85C",
"versionEndExcluding": "11.6.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB61500A-D634-436C-8BE9-00CEEC301B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A57EAA0B-F777-491D-8CA0-3946AE128F8A",
"versionEndExcluding": "10.12.206",
"versionStartIncluding": "10.11.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
"matchCriteriaId": "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648",
"versionEndExcluding": "11.6.94",
"versionStartIncluding": "11.0.89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7601D7-8413-49DF-AFCC-1C7851A1B41A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
},
{
"lang": "es",
"value": "NCC Group ha encontrado una falla durante la prueba de penetraci\u00f3n interna anual solicitada por Axis Communications. La protecci\u00f3n contra la manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) contiene una falla que brinda la oportunidad de que un ataque sofisticado eluda esta protecci\u00f3n. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"id": "CVE-2023-21414",
"lastModified": "2024-11-21T07:42:48.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 6.0,
"source": "product-security@axis.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.680",
"references": [
{
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"sourceIdentifier": "product-security@axis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "product-security@axis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-21414
Vulnerability from cvelistv5
Published
2023-10-16 06:18
Modified
2024-11-08 08:32
Severity ?
EPSS score ?
Summary
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Axis Communications AB | AXIS OS |
Version: AXIS OS 10.11 - 11.5 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "axis_os",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:a8207-ve_mk_ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a8207-ve_mk_ii",
"vendor": "axis",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:axis:q3527-lve:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "q3527-lve",
"vendor": "axis",
"versions": [
{
"lessThanOrEqual": "11.5",
"status": "affected",
"version": "10.11",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:32:46.140128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:42:45.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ARTPEC 8"
],
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS A8207-VE Mk II",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 11.5 or earlier"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Q3527-LVE",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:32:47.057Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2023-21414",
"datePublished": "2023-10-16T06:18:06.428Z",
"dateReserved": "2022-11-04T18:30:01.767Z",
"dateUpdated": "2024-11-08T08:32:47.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}