CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.8%
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Vendor | Product | Version | CPE |
---|---|---|---|
axis | axis_os | * | cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:* |
axis | axis_os | * | cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:* |
axis | m3215 | - | cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:* |
axis | m3216 | - | cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:* |
axis | m4317-plve | - | cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:* |
axis | m4318-plve | - | cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:* |
axis | m4327-p | - | cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:* |
axis | m4328-p | - | cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:* |
axis | p1467-le | - | cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:* |
axis | p1468-le | - | cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"platforms": [
"ARTPEC 8"
],
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS A8207-VE Mk II",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 11.5 or earlier"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXIS Q3527-LVE",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 10.11 - 11.5"
}
]
}
]