CVE-2023-21404

MEDIUM

AXIS OS <11.3.x - Info Disclosure

Title source: llm

Description

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

References (1)

[Vendor Advisory] https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf

Scores

CVSS v3 5.3

EPSS 0.0017

EPSS Percentile 37.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321 CWE-311

Status published

Products (1)

axis/axis_os 11.0.89 - 11.4.52

Published May 08, 2023

Tracked Since Feb 18, 2026