CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.8%
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Vendor | Product | Version | CPE |
---|---|---|---|
axis | axis_os | * | cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:* |
axis | axis_os | * | cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:* |
axis | m3215 | - | cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:* |
axis | m3216 | - | cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:* |
axis | m4317-plve | - | cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:* |
axis | m4318-plve | - | cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:* |
axis | m4327-p | - | cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:* |
axis | m4328-p | - | cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:* |
axis | p1467-le | - | cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:* |
axis | p1468-le | - | cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.8%