CVE-2023-21405

EPSS 0.07%
Veröffentlicht 25.07.2023 08:15:09
Zuletzt bearbeitet 21.11.2024 07:42:47
Quelle product-security@axis.com
Teams Watchlist Login
Unerledigt Login

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod process, causing a temporary unavailability of the door-controlling functionalities
meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted
as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axis ≫ A1001 Firmware Version <= 1.65.4

Axis ≫ A1001 Version-

Axis ≫ A1210 (-b) Firmware Version >= 11.0 <= 11.6.16.0

Axis ≫ A1210 (-b) Version-

Axis ≫ A1601 Firmware Version <= 1.84.4

Axis ≫ A1601 Version-

Axis ≫ A1601 Firmware Version >= 10.0 <= 10.12.171.0

Axis ≫ A1601 Version-

Axis ≫ A1601 Firmware Version >= 11.0 <= 11.6.16.0

Axis ≫ A1601 Version-

Axis ≫ A1610 (-b) Firmware Version <= 10.12.171.0

Axis ≫ A1610 (-b) Version-

Axis ≫ A1610 (-b) Firmware Version >= 11.0 <= 11.6.16.0

Axis ≫ A1610 (-b) Version-

Axis ≫ Axis Os Version <= 10.12.178

Axis ≫ A8207 Version-

Axis ≫ Axis Os Version >= 11.0 <= 11.5.53

Axis ≫ A8207 Version-

Axis ≫ Axis Os Version <= 10.12.178

Axis ≫ A8207 Mkii Version-

Axis ≫ Axis Os Version >= 11.0 <= 11.5.53

Axis ≫ A8207 Mkii Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.18

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
product-security@axis.com	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-21405

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21405

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21405

EUVD