CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:axis:a1210_\(-b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:axis:a1601_firmware::::::::
	cpe:2.3:o:axis:a1601_firmware::::::::
	cpe:2.3:o:axis:a1601_firmware::::::::

cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:axis:a1610_\(-b\)_firmware::::::::
	cpe:2.3:o:axis:a1610_\(-b\)_firmware::::::::

cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:axis:axis_os::::::::
	cpe:2.3:o:axis:axis_os::::::::

cpe:2.3:h:axis:a8207:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:axis:axis_os::::::::
	cpe:2.3:o:axis:axis_os::::::::

cpe:2.3:h:axis:a8207_mkii:-:*:*:*:*:*:*:*

Information

Published : 2023-07-25 08:15

Updated : 2023-08-02 18:43

NVD link : CVE-2023-21405

Mitre link : CVE-2023-21405

JSON object : View

Products Affected

axis

a1610_\(-b\)_firmware
a1610_\(-b\)
axis_os
a8207
a1601
a1001_firmware
a1210_\(-b\)
a8207_mkii
a1601_firmware
a1210_\(-b\)_firmware
a1001

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf", "name": "https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "\nKnud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network\nIntercoms when communicating over OSDP, highlighting that the OSDP message parser crashes\nthe pacsiod process, causing a temporary unavailability of the door-controlling functionalities\nmeaning that doors cannot be opened or closed. No sensitive or customer data can be extracted\nas the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-21405", "ASSIGNER": "product-security@axis.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2023-07-25T08:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.65.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:a1210_\\(-b\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.6.16.0", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a1210_\\(-b\\):-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:a1601_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.84.4"}, {"cpe23Uri": "cpe:2.3:o:axis:a1601_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.12.171.0", "versionStartIncluding": "10.0"}, {"cpe23Uri": "cpe:2.3:o:axis:a1601_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.6.16.0", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:a1610_\\(-b\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.12.171.0"}, {"cpe23Uri": "cpe:2.3:o:axis:a1610_\\(-b\\)_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.6.16.0", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a1610_\\(-b\\):-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.12.178"}, {"cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.5.53", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a8207:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.12.178"}, {"cpe23Uri": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.5.53", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:axis:a8207_mkii:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-02T18:43Z"}