CVE-2023-21407

8.8 HIGH

📋 TL;DR

CVE-2023-21407 is a broken access control vulnerability in Axis Communications products that allows operator accounts to escalate privileges to administrator level. This affects Axis network video products running vulnerable firmware versions. Attackers with operator credentials can gain full administrative control over affected devices.

💻 Affected Systems

Products:
  • Axis network video products
Versions: Firmware versions prior to 10.12
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires operator account credentials to exploit. All default configurations with operator accounts are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Axis network video devices allowing attackers to disable security features, modify configurations, access video feeds, and potentially pivot to other network systems.

🟠

Likely Case

Unauthorized administrative access to video surveillance systems, enabling viewing of sensitive footage, disabling recording, or tampering with security settings.

🟢

If Mitigated

Limited impact if proper network segmentation, strong authentication, and monitoring are in place to detect privilege escalation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid operator credentials but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware 10.12 or later

Vendor Advisory: https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf

Restart Required: Yes

Instructions:

1. Download firmware 10.12 or later from the Axis website.
2. Back up the current configuration.
3. Upload the firmware via the web interface.
4. Apply the firmware update.
5. Reboot the device.
6. Verify the firmware version.

🔧 Temporary Workarounds

Restrict operator account access (scope: all)
  • Limit operator account permissions and monitor for unusual activity

Network segmentation (scope: all)
  • Isolate Axis devices in a separate VLAN with restricted access

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Axis devices from critical systems
  • Enforce strong authentication policies and regularly rotate operator credentials
  • Monitor for privilege escalation attempts in system logs
  • Consider disabling operator accounts if not strictly necessary

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > Support > System Overview

Check Version:

Not applicable - use web interface

Verify Fix Applied:

Verify firmware version is 10.12 or later in System > Support > System Overview
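The version check above is done by eye in the web interface, and the one mistake that is easy to make when scripting it across a fleet is comparing version strings lexicographically ("10.9" sorts after "10.12" as text). The following is an added example, not code from the page or from Axis; it takes only the 10.12 threshold from this advisory and assumes you have already pulled the version string out of the device's UI or inventory by some other means.

```python
import re

# Fixed-version threshold taken from this advisory's "Patch Version" (10.12).
FIXED_VERSION = (10, 12)


def parse_version(text: str) -> tuple:
    """Turn a firmware version string such as '10.12.166' into a tuple of ints.

    Any trailing non-numeric suffix is ignored; junk raises ValueError so a
    blank or garbled inventory field is never silently treated as patched.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version_text: str) -> bool:
    """True if the reported firmware is 10.12 or later (numeric comparison)."""
    v = parse_version(version_text)
    # Compare only as many components as the threshold has, so that
    # '10.12' and '10.12.166' are both accepted.
    return v[: len(FIXED_VERSION)] >= FIXED_VERSION


def naive_string_check(version_text: str) -> bool:
    """The buggy way: plain string comparison. Kept here only to show the pitfall."""
    return version_text >= "10.12"


if __name__ == "__main__":
    # Constructed sample inventory; the device names are placeholders.
    inventory = {
        "cam-lobby": "10.12.166",
        "cam-dock": "10.9.3",
        "cam-gate": "11.0.2",
        "cam-old": "9.80.2",
    }
    for name, ver in inventory.items():
        print(f"{name:10s} {ver:10s} fixed={is_fixed(ver)} naive={naive_string_check(ver)}")
```

Note that `naive_string_check("10.9.3")` returns True because "9" sorts after "1" as a character, which is exactly the device you would wrongly mark as patched; `is_fixed` gets it right.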

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Multiple failed login attempts followed by successful operator login
  • Administrative actions from operator accounts

Network Indicators:

  • Unusual administrative API calls from operator accounts
  • Configuration changes from non-admin accounts

SIEM Query:

source="axis_device" AND (event_type="privilege_escalation" OR user_role_change="operator_to_admin")
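The SIEM query above assumes the device or a collector has already normalised events into fields such as `event_type` and `user_role_change`. If you instead receive raw device logs, the three log indicators listed above have to be derived by correlating events per account. The script below is an added example, not code from the page or from Axis; it uses a constructed, hypothetical line format (`user= role= action= target= new_role=`) that is not the real Axis log syntax, and a constructed list of actions that only an administrator should ever issue. Adapt the regular expression to whatever your collector actually emits.

```python
import re
from dataclasses import dataclass

# Constructed, hypothetical log format used only for this illustration; it is
# not the real Axis device log syntax. Fields: ts user role action [target] [new_role]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: new_role=(?P<new_role>\S+))?$"
)

# Actions that should only ever be issued by an administrator (constructed list).
ADMIN_ACTIONS = {"user_create", "user_modify", "firmware_upload", "config_write"}


@dataclass
class Alert:
    ts: str
    user: str
    reason: str


def parse_line(line: str):
    """Parse one log line into a dict of fields, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines):
    """Return an Alert for each of the advisory's log indicators found in the lines."""
    alerts = []
    last_role = {}  # user -> role seen on that user's previous event
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparsable line; a real pipeline would count and review these
        user, role = ev["user"], ev["role"]
        # Indicator: administrative action carried out while holding the operator role
        if role == "operator" and ev["action"] in ADMIN_ACTIONS:
            alerts.append(Alert(ev["ts"], user, f"admin action {ev['action']} from operator role"))
        # Indicator: an account being granted admin by someone who is not an admin
        if ev.get("new_role") == "admin" and role != "admin":
            alerts.append(Alert(ev["ts"], user, f"non-admin granted admin role to {ev['target']}"))
        # Indicator: the same account appears as operator and then as admin (operator_to_admin)
        if last_role.get(user) == "operator" and role == "admin":
            alerts.append(Alert(ev["ts"], user, "role changed operator -> admin"))
        last_role[user] = role
    return alerts


# Constructed sample log: an operator account edits its own role, then acts as admin.
SAMPLE_LOG = """
2024-01-15T10:00:01Z user=opsuser role=operator action=view_stream target=camera1
2024-01-15T10:00:07Z user=opsuser role=operator action=user_modify target=opsuser new_role=admin
2024-01-15T10:00:09Z user=opsuser role=admin action=config_write target=recording
this line is not in the expected format and is skipped
2024-01-15T10:01:00Z user=root role=admin action=config_write target=network
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.strip().splitlines()):
        print(alert)
```

The per-user `last_role` state is what turns two individually plausible events (an operator session, then an admin session) into the operator-to-admin transition the query looks for; the final `root` event produces nothing because an admin acting as admin is normal.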

🔗 References
