A1001 Firmware
CVE-2023-21405
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.
AnalysisAI
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1286. Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. Affected products include: Axis A1001 Firmware, Axis A1210 \(-B\) Firmware, Axis A1601 Firmware, Axis A1610 \(-B\) Firmware, Axis Axis Os.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in A1001 Firmware
View allAn issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this
An issue was discovered in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this vulnerability is rem
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to ca
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (c
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. Rated high seve
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today