PT-2023-18177 · Axis · Axis Os
Published
2023-05-08
·
Updated
2024-11-08
·
CVE-2023-21404
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AXIS OS versions 11.0.X through 11.3.x
Description
The issue concerns the use of a static RSA key in legacy LUA-components to protect Axis-specific source code. This static RSA key is not utilized in any other secure communication and cannot be used to compromise the device or any customer data.
Recommendations
For AXIS OS versions 11.0.X through 11.3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Axis Os