cvelistv5 - CVE-2023-21410

CVE-2023-21410 (GCVE-0-2023-21410)

Vulnerability from cvelistv5 – Published: 2023-08-03 06:51 – Updated: 2024-11-08 08:28

Title

Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier

Summary

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Axis

References

URL

Tags

https://www.axis.com/dam/public/0b/1c/96/cve-2023…

Impacted products

	Vendor	Product	Version
	Axis Communications AB	AXIS License Plate Verifier	Affected: 2.8.3 or earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:36:34.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T15:38:35.181418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T15:38:43.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AXIS License Plate Verifier",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.3 or earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution."
            }
          ],
          "value": "User provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T08:28:59.293Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2023-21410",
    "datePublished": "2023-08-03T06:51:51.800Z",
    "dateReserved": "2022-11-04T18:30:01.767Z",
    "dateUpdated": "2024-11-08T08:28:59.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:axis:license_plate_verifier:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.8.3\", \"matchCriteriaId\": \"62FC990A-1CE0-410D-ACB0-7F3979A69BB2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"User provided input is not sanitized on the AXIS License Plate Verifier specific \\u201capi.cgi\\u201d allowing for\\narbitrary code execution.\"}]",
      "id": "CVE-2023-21410",
      "lastModified": "2024-11-21T07:42:48.427",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-08-03T07:15:12.927",
      "references": "[{\"url\": \"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\", \"source\": \"product-security@axis.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@axis.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21410\",\"sourceIdentifier\":\"product-security@axis.com\",\"published\":\"2023-08-03T07:15:12.927\",\"lastModified\":\"2024-11-21T07:42:48.427\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"User provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\\narbitrary code execution.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axis:license_plate_verifier:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.3\",\"matchCriteriaId\":\"62FC990A-1CE0-410D-ACB0-7F3979A69BB2\"}]}]}],\"references\":[{\"url\":\"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\",\"source\":\"product-security@axis.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:36:34.456Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21410\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-17T15:38:35.181418Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-17T15:38:38.867Z\"}}], \"cna\": {\"title\": \"Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Axis Communications AB\", \"product\": \"AXIS License Plate Verifier\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.3 or earlier\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"User provided input is not sanitized on the AXIS License Plate Verifier specific \\u201capi.cgi\\u201d allowing for\\narbitrary code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"User provided input is not sanitized on the AXIS License Plate Verifier specific \\u201capi.cgi\\u201d allowing for\\narbitrary code execution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"shortName\": \"Axis\", \"dateUpdated\": \"2024-11-08T08:28:59.293Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21410\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T08:28:59.293Z\", \"dateReserved\": \"2022-11-04T18:30:01.767Z\", \"assignerOrgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"datePublished\": \"2023-08-03T06:51:51.800Z\", \"assignerShortName\": \"Axis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-21410

Vulnerability from fkie_nvd - Published: 2023-08-03 07:15 - Updated: 2024-11-21 07:42

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

References

	URL	Tags
	product-security@axis.com	https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	axis	license_plate_verifier	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:axis:license_plate_verifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FC990A-1CE0-410D-ACB0-7F3979A69BB2",
              "versionEndIncluding": "2.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "User provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution."
    }
  ],
  "id": "CVE-2023-21410",
  "lastModified": "2024-11-21T07:42:48.427",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "product-security@axis.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-03T07:15:12.927",
  "references": [
    {
      "source": "product-security@axis.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    }
  ],
  "sourceIdentifier": "product-security@axis.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "product-security@axis.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4V5C-V752-353R

Vulnerability from github – Published: 2023-08-03 09:30 – Updated: 2024-11-08 09:30

Details

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T07:15:12Z",
    "severity": "HIGH"
  },
  "details": "\nUser provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution.\n\n",
  "id": "GHSA-4v5c-v752-353r",
  "modified": "2024-11-08T09:30:29Z",
  "published": "2023-08-03T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21410"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-21410

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

Aliases

CVE-2023-21410

Aliases

CVE-2023-21410

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21410",
    "id": "GSD-2023-21410"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21410"
      ],
      "details": "\nUser provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution.\n\n",
      "id": "GSD-2023-21410",
      "modified": "2023-12-13T01:20:25.999079Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@axis.com",
        "ID": "CVE-2023-21410",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AXIS License Plate Verifier ",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.8.3 or earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Axis Communications AB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nUser provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf",
            "refsource": "MISC",
            "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:axis:license_plate_verifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@axis.com",
          "ID": "CVE-2023-21410"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nUser provided input is not sanitized on the AXIS License Plate Verifier specific \u201capi.cgi\u201d allowing for\narbitrary code execution.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-07T19:26Z",
      "publishedDate": "2023-08-03T07:15Z"
    }
  }
}

CERTFR-2023-AVI-0618

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Axis License Plate Verifier. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Axis	N/A	License Plate Verifier versions antérieures à 2.8.4

References

Title

Publication Time

Tags

Bulletin de sécurité Axis CVE-2023-21407/12 du 01 août 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "License Plate Verifier versions ant\u00e9rieures \u00e0 2.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21408"
    },
    {
      "name": "CVE-2023-21410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21410"
    },
    {
      "name": "CVE-2023-21407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21407"
    },
    {
      "name": "CVE-2023-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21409"
    },
    {
      "name": "CVE-2023-21412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21412"
    },
    {
      "name": "CVE-2023-21411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21411"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0618",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Axis License Plate\nVerifier. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Axis License Plate Verifier",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21407/12 du 01 ao\u00fbt 2023",
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    }
  ]
}

CERTFR-2023-AVI-0618

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Axis	N/A	License Plate Verifier versions antérieures à 2.8.4

References

Title

Publication Time

Tags

Bulletin de sécurité Axis CVE-2023-21407/12 du 01 août 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "License Plate Verifier versions ant\u00e9rieures \u00e0 2.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21408"
    },
    {
      "name": "CVE-2023-21410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21410"
    },
    {
      "name": "CVE-2023-21407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21407"
    },
    {
      "name": "CVE-2023-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21409"
    },
    {
      "name": "CVE-2023-21412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21412"
    },
    {
      "name": "CVE-2023-21411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21411"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0618",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Axis License Plate\nVerifier. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Axis License Plate Verifier",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis CVE-2023-21407/12 du 01 ao\u00fbt 2023",
      "url": "https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21410 (GCVE-0-2023-21410)

FKIE_CVE-2023-21410

GHSA-4V5C-V752-353R

GSD-2023-21410

CERTFR-2023-AVI-0618

Solution

CERTFR-2023-AVI-0618

Solution

Tags

Sightings

Nomenclature