CVE-2023-21413 — CRITICAL (9.1)

Q: How severe is CVE-2023-21413?

CVE-2023-21413 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-21413?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os.

Vulnerability Description

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Axis	Axis Os	>= 10.5.0, < 10.12.199

Related Weaknesses (CWE)

CWE-78 CWE-77

References

https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdfVendor Advisory
https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdfVendor Advisory

FAQ

What is CVE-2023-21413?

CVE-2023-21413 is a vulnerability with a CVSS score of 9.1 (CRITICAL). GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS...

How severe is CVE-2023-21413?

CVE-2023-21413 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-21413?

Check the references section above for vendor advisories and patch information. Affected products include: Axis Axis Os.