cvelistv5 - cve-2023-5553

CVE-2023-5553 (GCVE-0-2023-5553)

Vulnerability from cvelistv5 – Published: 2023-11-21 06:59 – Updated: 2025-06-10 14:00

Summary

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

Axis

References

URL

Tags

https://www.axis.com/dam/public/0a/66/25/cve-2023…

Impacted products

	Vendor	Product	Version
	Axis Communications AB	AXIS OS	Affected: AXIS OS 10.8 - 11.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "axis_os",
            "vendor": "axis",
            "versions": [
              {
                "lessThanOrEqual": "11.6",
                "status": "affected",
                "version": "10.8",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:00:11.680274Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T14:00:37.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ARTPEC 8"
          ],
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "status": "affected",
              "version": "AXIS OS 10.8 - 11.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
            }
          ],
          "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T08:25:35.388Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2023-5553",
    "datePublished": "2023-11-21T06:59:42.711Z",
    "dateReserved": "2023-10-12T07:06:14.462Z",
    "dateUpdated": "2025-06-10T14:00:37.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*\", \"versionStartIncluding\": \"10.8\", \"versionEndExcluding\": \"11.7.57\", \"matchCriteriaId\": \"D83DBF3A-DDF4-4595-87AE-25FD2321293F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"10.12.213\", \"matchCriteriaId\": \"EB91B5E0-93B8-4FD7-9199-B780170A5770\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\"}, {\"lang\": \"es\", \"value\": \"Durante el modelado de amenazas interno en Axis Security Development Model (ASDM), se encontr\\u00f3 una falla en la protecci\\u00f3n contra manipulaci\\u00f3n de dispositivos (com\\u00fanmente conocida como Arranque Seguro) en el sistema operativo AXIS, lo que lo hace vulnerable a un ataque sofisticado para eludir esta protecci\\u00f3n. Hasta donde sabe Axis, no se conocen explotaciones de esta vulnerabilidad en este momento. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\\u00e1s informaci\\u00f3n y soluciones.\"}]",
      "id": "CVE-2023-5553",
      "lastModified": "2024-11-21T08:42:00.047",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}]}",
      "published": "2023-11-21T07:15:11.180",
      "references": "[{\"url\": \"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\", \"source\": \"product-security@axis.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@axis.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-693\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5553\",\"sourceIdentifier\":\"product-security@axis.com\",\"published\":\"2023-11-21T07:15:11.180\",\"lastModified\":\"2025-06-10T14:15:26.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\"},{\"lang\":\"es\",\"value\":\"Durante el modelado de amenazas interno en Axis Security Development Model (ASDM), se encontr\u00f3 una falla en la protecci\u00f3n contra manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) en el sistema operativo AXIS, lo que lo hace vulnerable a un ataque sofisticado para eludir esta protecci\u00f3n. Hasta donde sabe Axis, no se conocen explotaciones de esta vulnerabilidad en este momento. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*\",\"versionStartIncluding\":\"10.8\",\"versionEndExcluding\":\"11.7.57\",\"matchCriteriaId\":\"D83DBF3A-DDF4-4595-87AE-25FD2321293F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"10.12.213\",\"matchCriteriaId\":\"EB91B5E0-93B8-4FD7-9199-B780170A5770\"}]}]}],\"references\":[{\"url\":\"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\",\"source\":\"product-security@axis.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:44.904Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5553\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-10T14:00:11.680274Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*\"], \"vendor\": \"axis\", \"product\": \"axis_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"11.6\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-29T20:36:59.354Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Axis Communications AB\", \"product\": \"AXIS OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"AXIS OS 10.8 - 11.6\"}], \"platforms\": [\"ARTPEC 8\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"shortName\": \"Axis\", \"dateUpdated\": \"2024-11-08T08:25:35.388Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5553\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-10T14:00:37.202Z\", \"dateReserved\": \"2023-10-12T07:06:14.462Z\", \"assignerOrgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"datePublished\": \"2023-11-21T06:59:42.711Z\", \"assignerShortName\": \"Axis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-5553

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-5553

Aliases

CVE-2023-5553

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5553",
    "id": "GSD-2023-5553"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5553"
      ],
      "details": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n",
      "id": "GSD-2023-5553",
      "modified": "2023-12-13T01:20:51.028223Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@axis.com",
        "ID": "CVE-2023-5553",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AXIS OS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "AXIS OS 10.8 - 11.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Axis Communications AB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf",
            "refsource": "MISC",
            "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.213",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.7.57",
                "versionStartIncluding": "10.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@axis.com",
          "ID": "CVE-2023-5553"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf",
              "refsource": "",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-12-04T15:03Z",
      "publishedDate": "2023-11-21T07:15Z"
    }
  }
}

CERTFR-2023-AVI-0984

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Axis. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS OS versions 10.x antérieures à 10.12.213 (version en support étendu "LTS 2022")
Axis	N/A	AXIS OS versions 8.x antérieures à 8.40.37 (version en support étendu "LTS 2018")
Axis	N/A	AXIS OS versions 9.x antérieures à 9.80.49 (version en support étendu "LTS 2020")
Axis	N/A	AXIS OS versions antérieures à 6.50.5.15 pour les produits bénéficiant d'un support logiciel
Axis	N/A	AXIS OS versions 11.x antérieures à 11.7.57

References

Title

Publication Time

Tags

Bulletin de sécurité Axis cve-2023-5553 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21417 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21416 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21418 du 21 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS OS versions 10.x ant\u00e9rieures \u00e0 10.12.213 (version en support \u00e9tendu \"LTS 2022\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 8.x ant\u00e9rieures \u00e0 8.40.37 (version en support \u00e9tendu \"LTS 2018\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 9.x ant\u00e9rieures \u00e0 9.80.49 (version en support \u00e9tendu \"LTS 2020\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions ant\u00e9rieures \u00e0 6.50.5.15 pour les produits b\u00e9n\u00e9ficiant d\u0027un support logiciel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 11.x ant\u00e9rieures \u00e0 11.7.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21418"
    },
    {
      "name": "CVE-2023-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21417"
    },
    {
      "name": "CVE-2023-5553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5553"
    },
    {
      "name": "CVE-2023-21416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21416"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0984",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-29T00:00:00.000000"
    },
    {
      "description": "ajout avis \u00e9diteur cve-2023-5553",
      "revision_date": "2023-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-5553 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21417 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21416 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/35/2a/a6/cve-2023-21416-en-US-417790.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21418 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf"
    }
  ]
}

CERTFR-2023-AVI-0984

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS OS versions 10.x antérieures à 10.12.213 (version en support étendu "LTS 2022")
Axis	N/A	AXIS OS versions 8.x antérieures à 8.40.37 (version en support étendu "LTS 2018")
Axis	N/A	AXIS OS versions 9.x antérieures à 9.80.49 (version en support étendu "LTS 2020")
Axis	N/A	AXIS OS versions antérieures à 6.50.5.15 pour les produits bénéficiant d'un support logiciel
Axis	N/A	AXIS OS versions 11.x antérieures à 11.7.57

References

Title

Publication Time

Tags

Bulletin de sécurité Axis cve-2023-5553 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21417 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21416 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité Axis cve-2023-21418 du 21 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS OS versions 10.x ant\u00e9rieures \u00e0 10.12.213 (version en support \u00e9tendu \"LTS 2022\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 8.x ant\u00e9rieures \u00e0 8.40.37 (version en support \u00e9tendu \"LTS 2018\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 9.x ant\u00e9rieures \u00e0 9.80.49 (version en support \u00e9tendu \"LTS 2020\")",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions ant\u00e9rieures \u00e0 6.50.5.15 pour les produits b\u00e9n\u00e9ficiant d\u0027un support logiciel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS OS versions 11.x ant\u00e9rieures \u00e0 11.7.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21418"
    },
    {
      "name": "CVE-2023-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21417"
    },
    {
      "name": "CVE-2023-5553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5553"
    },
    {
      "name": "CVE-2023-21416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21416"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0984",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-29T00:00:00.000000"
    },
    {
      "description": "ajout avis \u00e9diteur cve-2023-5553",
      "revision_date": "2023-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-5553 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21417 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21416 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/35/2a/a6/cve-2023-21416-en-US-417790.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis cve-2023-21418 du 21 novembre 2023",
      "url": "https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf"
    }
  ]
}

FKIE_CVE-2023-5553

Vulnerability from fkie_nvd - Published: 2023-11-21 07:15 - Updated: 2025-06-10 14:15

Severity ?

7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@axis.com	https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	axis	axis_os	*
	axis	axis_os_2022	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
              "matchCriteriaId": "D83DBF3A-DDF4-4595-87AE-25FD2321293F",
              "versionEndExcluding": "11.7.57",
              "versionStartIncluding": "10.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "EB91B5E0-93B8-4FD7-9199-B780170A5770",
              "versionEndExcluding": "10.12.213",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
    },
    {
      "lang": "es",
      "value": "Durante el modelado de amenazas interno en Axis Security Development Model (ASDM), se encontr\u00f3 una falla en la protecci\u00f3n contra manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) en el sistema operativo AXIS, lo que lo hace vulnerable a un ataque sofisticado para eludir esta protecci\u00f3n. Hasta donde sabe Axis, no se conocen explotaciones de esta vulnerabilidad en este momento. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
    }
  ],
  "id": "CVE-2023-5553",
  "lastModified": "2025-06-10T14:15:26.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 6.0,
        "source": "product-security@axis.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-21T07:15:11.180",
  "references": [
    {
      "source": "product-security@axis.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
    }
  ],
  "sourceIdentifier": "product-security@axis.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "product-security@axis.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V5CR-HWCX-R95M

Vulnerability from github – Published: 2023-11-21 09:30 – Updated: 2023-11-21 09:30

Details

Severity ?

7.6 (High)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-5553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-693",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-21T07:15:11Z",
    "severity": "HIGH"
  },
  "details": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n",
  "id": "GHSA-v5cr-hwcx-r95m",
  "modified": "2023-11-21T09:30:23Z",
  "published": "2023-11-21T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5553"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5553 (GCVE-0-2023-5553)

GSD-2023-5553

CERTFR-2023-AVI-0984

Solution

CERTFR-2023-AVI-0984

Solution

FKIE_CVE-2023-5553

GHSA-V5CR-HWCX-R95M

Tags

Sightings

Nomenclature