CVE-2023-21404

MEDIUM

AXIS OS 11.0.89-11.3.x - Use of Hard-coded Cryptographic Key in Legacy LUA Components

Title source: llm

Description

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

References (1)

Core 1

Core References

Vendor Advisory

https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321 CWE-311

Status published

Products (1)

axis/axis_os 11.0.89 - 11.4.52

Published May 08, 2023

Tracked Since Feb 18, 2026