CVE-2023-21413

moderate-risk
Published 2023-10-16

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Do I need to act?

-
0.69% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Axis

References (2)

Vendor Advisory https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf
Vendor Advisory https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf
40
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 2/34 · Minimal
Exposure 7/34 · Low