CVE-2023-21413 CRITICAL

CVE-2023-21413: Remote code execution vulnerability during the installation of ACAP applications on the Axis device

Vendor: Axis Communications Ab
Product: AXIS OS
Weakness: CWE-78
Published: October 16, 2023
Last update: June 16, 2025

CVSS base score

9.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

GoSecure, on behalf of Genetec Inc., has found a flaw that allows remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection, allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.

Key dates

02 Disclosure timeline

October 16, 2023: CVE published
June 16, 2025: Record updated