With the September/October release of AXIS OS 11.6 and AXIS OS 10.12 LTS, we plan to patch a security vulnerability that was discovered during the annually performed penetration tests conducted by a 3rd party company.
Details about the actual vulnerability will be disclosed 2-3 weeks after the patch release is made available. For security reasons, that patch will then enforce downgrade restrictions. This means that the product can only be downgraded to the latest version of the 10.12 LTS track, if the product has support for it. Other older AXIS OS versions such as 11.5 or 11.4 etc. will not be accepted by the product from there on.
The affected products are based on AXIS ARTPEC-8 chipset. Please visit the AXIS OS portal for the complete list of affected products.
The release notes of the patched AXIS OS 10.12 LTS and AXIS OS 11.6 Active track will state the following:
“Corrected CVE-2023-21414. Note that downgrading the product to an older AXIS OS version other than the latest supported 10.12 LTS track release (if available) is not possible. For more information, please visit the Axis vulnerability management portal.”