Denial-of-Service vulnerability in Axis Network Door Controller's and Axis Network Intercom's OSDP communication
CVE-2023-21405

6.5MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis A1001 Network Door Controller; Axis A1210-b Network Door Controller; Axis A1601 Network Door Controller; Axis A1610 (-b) Network Door Controller
Vendor: CVE Published:; 25 July 2023

What is CVE-2023-21405?

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.

Affected Version(s)

AXIS A1001 Network Door Controller AXIS OS 1.65.4 or earlier

AXIS A1210-B Network Door Controller AXIS OS 11.0 - 11.6.16.0

AXIS A1601 Network Door Controller AXIS OS 1.84.4 or earlier

References

https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-e...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2023
Vulnerability Reserved
Nov 4, 2022

Axis Communications Ab

What is CVE-2023-21405?

Affected Version(s)

References

CVSS V3.1

Timeline