CVE-2023-5553 Vulnerability Details

  /     /     /  

CVE-2023-5553 Metadata Quick Info

CVE Published: 21/11/2023 | CVE Updated: 08/11/2024 | CVE Year: 2023
Source: Axis | Vendor: Axis Communications AB | Product: AXIS OS
Status : PUBLISHED

CVE-2023-5553 Description

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Metrics

CVSS Version: 3.1 | Base Score: 7.6 HIGH
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863: Incorrect Authorization
Source: Axis Communications AB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-5553 Vulnerability Details