CVE-2023-21404

EUVD-2023-25572
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
4.1 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
axisaxis_os
11.0.89 ≤
𝑥
< 11.4.52
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf