ID

VAR-202307-2405


CVE

CVE-2023-21405


DESCRIPTION

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP: the OSDP message parser crashes the pacsiod process, causing temporary unavailability of the door-controlling functionality, meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted, as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation, and affected products and software versions.

Trust: 1.0

sources: NVD: CVE-2023-21405

AFFECTED PRODUCTS

vendor: axis
model: a1610 \
scope: gte
version: 11.0

Trust: 1.0

vendor: axis
model: a1601
scope: gte
version: 11.0

Trust: 1.0

vendor: axis
model: a1601
scope: lte
version: 1.84.4

Trust: 1.0

vendor: axis
model: a1001
scope: lte
version: 1.65.4

Trust: 1.0

vendor: axis
model: os
scope: gte
version: 11.0

Trust: 1.0

vendor: axis
model: os
scope: lte
version: 10.12.178

Trust: 1.0

vendor: axis
model: a1610 \
scope: lte
version: 11.6.16.0

Trust: 1.0

vendor: axis
model: os
scope: lte
version: 11.5.53

Trust: 1.0

vendor: axis
model: a1601
scope: lte
version: 11.6.16.0

Trust: 1.0

vendor: axis
model: a1210 \
scope: gte
version: 11.0

Trust: 1.0

vendor: axis
model: a1610 \
scope: lte
version: 10.12.171.0

Trust: 1.0

vendor: axis
model: a1210 \
scope: lte
version: 11.6.16.0

Trust: 1.0

vendor: axis
model: a1601
scope: lte
version: 10.12.171.0

Trust: 1.0

vendor: axis
model: a1601
scope: gte
version: 10.0

Trust: 1.0

sources: NVD: CVE-2023-21405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-21405
value: MEDIUM

Trust: 1.0

product-security@axis.com: CVE-2023-21405
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-21405
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-21405 // NVD: CVE-2023-21405

PROBLEMTYPE DATA

problemtype: CWE-1286

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-754

Trust: 1.0

sources: NVD: CVE-2023-21405

EXTERNAL IDS

db: NVD
id: CVE-2023-21405

Trust: 1.0

sources: NVD: CVE-2023-21405

REFERENCES

url: https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-us-407244.pdf

Trust: 1.0

sources: NVD: CVE-2023-21405

SOURCES

db: NVD
id: CVE-2023-21405

LAST UPDATE DATE

2024-11-08T23:14:29.519000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2023-21405
date: 2024-11-08T09:15:04.987

SOURCES RELEASE DATE

db: NVD
id: CVE-2023-21405
date: 2023-07-25T08:15:09.927