What is the vulnerability ID for this flaw in AXIS A1001?

The vulnerability ID for this flaw in AXIS A1001 is CVE-2023-21406.

Who discovered the flaw in AXIS A1001?

The flaw in AXIS A1001 was discovered by Ariel Harush and Roy Hodir from OTORIO.

What is the severity of CVE-2023-21406?

The severity of CVE-2023-21406 is high with a severity value of 8.8.

What is the affected software by CVE-2023-21406?

The affected software by CVE-2023-21406 is Axis A1001 Firmware up to and including version 1.65.4.

How can the flaw in AXIS A1001 be exploited?

The flaw in AXIS A1001 can be exploited by appending invalid data to an OSDP message, leading to a heap-based buffer overflow and writing outside of the allocated buffer.

Vulnerability/
CVE-2023-21406

high

8.8

CWE

787 119 120 122

25/7/2023

8/11/2024

CVE-2023-21406: Heap-based buffer overflow in Axis A1001 Network Door Controller's OSDP communication

First published: Tue Jul 25 2023(Updated: )

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.

Credit: product-security@axis.com product-security@axis.com

Affected Software	Affected Version	How to fix
Axis A1001 Firmware	<=1.65.4
AXIS A1001
All of
Axis A1001 Firmware	<=1.65.4
AXIS A1001

Never miss a vulnerability like this again

Reference Links

https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf

Frequently Asked Questions

What is the vulnerability ID for this flaw in AXIS A1001?
The vulnerability ID for this flaw in AXIS A1001 is CVE-2023-21406.
Who discovered the flaw in AXIS A1001?
The flaw in AXIS A1001 was discovered by Ariel Harush and Roy Hodir from OTORIO.
What is the severity of CVE-2023-21406?
The severity of CVE-2023-21406 is high with a severity value of 8.8.
What is the affected software by CVE-2023-21406?
The affected software by CVE-2023-21406 is Axis A1001 Firmware up to and including version 1.65.4.
How can the flaw in AXIS A1001 be exploited?
The flaw in AXIS A1001 can be exploited by appending invalid data to an OSDP message, leading to a heap-based buffer overflow and writing outside of the allocated buffer.

collector/nvd-latest
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
agent/references
agent/weakness
agent/description
agent/severity
agent/title
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/axis
canonical/axis a1001 firmware
version/axis a1001 firmware/1.65.4
canonical/axis a1001

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.