CVE-2021-31987

7.5 HIGH

📋 TL;DR

CVE-2021-31987 is an input validation vulnerability in Axis Communications products that allows attackers to bypass blocked SMTP recipients. This affects network devices with SMTP test functionality enabled, potentially allowing unauthorized email transmission.

💻 Affected Systems

Products:
  • Axis Communications network cameras and video encoders
Versions: AXIS OS versions prior to 9.80.3.5
Operating Systems: AXIS OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMTP test functionality to be accessible via the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could send emails through the device to any recipient, bypassing security controls, potentially enabling phishing campaigns or data exfiltration.

🟠 Likely Case

Limited email bypass allowing unauthorized messages through the device's SMTP server.

🟢 If Mitigated

No impact if SMTP test functionality is disabled or proper input validation is implemented.

🌐 Internet-Facing: MEDIUM - Requires network access to the device's management interface.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have access to the management interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the device's web interface with appropriate privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AXIS OS 9.80.3.5 and later

Vendor Advisory: https://www.axis.com/files/tech_notes/CVE-2021-31987.pdf

Restart Required: Yes

Instructions:

1. Log into the Axis device web interface.
2. Navigate to System > Maintenance.
3. Check for firmware updates.
4. Install AXIS OS 9.80.3.5 or later.
5. Reboot the device after installation.

🔧 Temporary Workarounds

Disable SMTP test functionality

all

Remove or restrict access to the SMTP test feature in the web interface

Network segmentation

all

Restrict access to device management interfaces to authorized networks only

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the device management interface
  • Disable SMTP functionality entirely if not required for operations

🔍 How to Verify

Check if Vulnerable:

Check AXIS OS version via web interface: System > Options > System Options > About

Check Version:

Not applicable - use web interface or check device properties

Verify Fix Applied:

Verify version is 9.80.3.5 or higher and test SMTP functionality with blocked recipients

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMTP test attempts
  • Failed recipient validation logs
  • Multiple SMTP test requests

Network Indicators:

  • SMTP traffic from Axis devices to unexpected recipients
  • Unusual port 25 traffic from management interfaces

SIEM Query:

source="axis_device" AND (event="smtp_test" OR event="email_bypass")
