Vulnerability Key Information Vulnerability Description CVE ID: CVE-2024-7784 Release Date: October 9, 2024 Version: v1.0 Affected Products Axis ARTPEC-8 products: Running AXIS OS 10.9 - 11.11 Axis i.MX8 QP products: Running AXIS OS 11.11 Axis i.MX6 SX, i.MX6 ULL products: Running AXIS OS 10.10 - 11.11 Axis i.MX8M Mini, i.MX8M Nano UL products: Running AXIS OS 11.8 - 11.11 Vulnerability Overview Vulnerability Type: A flaw in the device tampering protection (commonly known as Secure Boot) in AXIS OS. Impact: Can be bypassed by sophisticated attacks. CVSS Score: 6.1 (Medium) Remediation Available Patches: - ARTPEC-8 and i.MX8 QP: - Active Track 12.0.40 - LTS 2024 11.11.80 - LTS 2022 10.12.246 - i.MX6 SX and i.MX6 ULL: - Active Track 12.0.47 - LTS 2024 11.11.85 - LTS 2022 10.12.247 - Axis i.MX8M Mini, i.MX8M Nano UL: - Active Track 12.0.47 - LTS 2024 11.11.85 Notes Downgrade Not Recommended: - Downgrading products to AXIS OS versions lower than the latest supported 11.11 LTS or 10.12 LTS versions is not recommended. More Information: - Additional details can be found on the Axis Vulnerability Management Portal. Recommendations Update Device Software: - The latest Axis device software is available at the designated link. Technical Support: - For further assistance and inquiries, contact Axis Technical Support.