CVE-2023-21404

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

XIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

References

Link	Resource
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf	Vendor Advisory
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*

History

21 Nov 2024, 07:42

Type	Values Removed	Values Added
References	~~() https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf - Vendor Advisory~~	() https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf - Vendor Advisory

08 Nov 2024, 09:15

Type	Values Removed	Values Added
CWE		CWE-321

Information

Published : 2023-05-08 21:15

Updated : 2025-01-29 17:15

NVD link : CVE-2023-21404

Mitre link : CVE-2023-21404

CVE.ORG link : CVE-2023-21404

JSON object : View

Products Affected

axis_os

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2023-21404", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}]}, "published": "2023-05-08T21:15:10.727", "references": [{"url": "https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-321"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data."}], "lastModified": "2025-01-29T17:15:22.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E20A8270-5E92-4019-B0F8-DA6C1BFF855B", "versionEndExcluding": "11.4.52", "versionStartIncluding": "11.0.89"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}