CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AxisCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.1 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
axisaxis_os
11.0.89 ≤
𝑥
< 11.4.52
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf