CVE-2023-21404 — MEDIUM (5.3)

Q: How severe is CVE-2023-21404?

CVE-2023-21404 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-21404?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os.

Vulnerability Description

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Axis	Axis Os	>= 11.0.89, < 11.4.52

Related Weaknesses (CWE)

CWE-321 CWE-311

References

https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdfVendor Advisory
https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdfVendor Advisory

FAQ

What is CVE-2023-21404?

CVE-2023-21404 is a vulnerability with a CVSS score of 5.3 (MEDIUM). AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compr...

How severe is CVE-2023-21404?

CVE-2023-21404 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-21404?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os.