CVE-2023-21405

CWE-1286CWE-7543 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 78.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Axis A1001 FirmwareAxis A1210 \(-b\) FirmwareAxis A1601 Firmware+8 more
Timeline
PublishedJul 25

Description

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages11 packages

CVEListV5axis_communications_ab/axis_a8207-ve_network_video_door_stationAXIS OS 10.12.178 or earlier, AXIS OS AXIS OS 11.0 - 11.5.53+1
CVEListV5axis_communications_ab/axis_a8207-ve_mk_ii_network_video_door_stationAXIS OS 10.12.178 or earlier, AXIS OS AXIS OS 11.0 - 11.5.53+1
CVEListV5axis_communications_ab/axis_a1601_network_door_controllerAXIS OS 1.84.4 or earlier, AXIS OS 10.12.171.0 or earlier, AXIS OS 11.0 - 11.6.16.0+2

🔴Vulnerability Details

2
CVEList
Denial-of-Service vulnerability in Axis Network Door Controller's and Axis Network Intercom's OSDP communication2023-07-25
GHSA
GHSA-m5vf-rp25-854p: Knud from Fraktal2023-07-25
CVE-2023-21405 (MEDIUM CVSS 6.5) | Knud from Fraktal.fi has found a fl | cvebase.io