CVE-2023-21406
📋 TL;DR
A heap-based buffer overflow vulnerability in AXIS A1001's OSDP communication handler allows attackers to write data beyond allocated memory boundaries. This could lead to arbitrary code execution on affected devices. Organizations using AXIS A1001 access control systems with OSDP communication enabled are affected.
💻 Affected Systems
- AXIS A1001 Network Door Controller
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, lateral movement within access control networks, and physical security bypass.
Likely Case
Device crash/reboot causing temporary access control system disruption, or limited code execution for reconnaissance.
If Mitigated
Denial of service through device crashes if exploit attempts are blocked but not fully mitigated.
🎯 Exploit Status
Exploitation requires sending specially crafted OSDP messages to the vulnerable pacsiod process. No public exploit code available as of knowledge cutoff.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware 2.90.1 and later
Vendor Advisory: https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf
Restart Required: Yes
Instructions:
1. Download firmware 2.90.1 or later from the Axis website.
2. Upload the firmware to the AXIS A1001 via the web interface.
3. Apply the firmware update.
4. Reboot the device to complete the installation.
🔧 Temporary Workarounds
Disable OSDP Communication
Temporarily disable the OSDP protocol if it is not required for operations.
Access AXIS A1001 web interface > Configuration > Communication > Disable OSDP
Network Segmentation
Isolate AXIS A1001 devices on a separate VLAN with strict firewall rules.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate AXIS A1001 devices from untrusted networks
- Deploy intrusion detection systems to monitor for OSDP protocol anomalies and exploit attempts
🔍 How to Verify
Check if Vulnerable:
Check firmware version via web interface: System > Support > About. If version is below 2.90.1 and OSDP is enabled, device is vulnerable.
Check Version:
curl -k "https://[device-ip]/axis-cgi/admin/param.cgi?action=list&group=Properties.Firmware.Version"
Verify Fix Applied:
Verify firmware version is 2.90.1 or higher via System > Support > About in web interface.
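The version check above, as an added example (not part of the vendor advisory): it parses the param.cgi reply, compares the firmware version numerically against the fixed release 2.90.1, and only flags the device when OSDP is enabled. The `root.Properties.Firmware.Version=<x.y.z>` reply format and the digest-auth fetch are assumptions about the device API.

```python
"""Firmware-version check for CVE-2023-21406 on an AXIS A1001.

Added example, not from the advisory. Assumes the param.cgi 'list' reply
uses the line format 'root.Properties.Firmware.Version=<x.y.z>'.
"""
import re
import ssl
import urllib.request
from typing import Optional

FIXED_VERSION = (2, 90, 1)  # first firmware containing the fix, per the advisory
PARAM_PATH = "/axis-cgi/admin/param.cgi?action=list&group=Properties.Firmware.Version"


def parse_version(param_cgi_text: str) -> Optional[tuple]:
    """Extract the firmware version as a tuple of ints from a param.cgi reply."""
    m = re.search(r"Properties\.Firmware\.Version=(\d+(?:\.\d+)*)", param_cgi_text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: tuple, osdp_enabled: bool = True) -> bool:
    """Firmware below 2.90.1 with OSDP enabled is in scope for CVE-2023-21406.

    Numeric tuple comparison is used because a string compare would rank
    '2.9.x' above '2.90.1'. Short versions are zero-padded before comparing.
    """
    padded = tuple(version) + (0,) * (len(FIXED_VERSION) - len(version))
    return osdp_enabled and padded < FIXED_VERSION


def fetch_param_cgi(device_ip: str, user: str, password: str) -> str:
    """Query the device over HTTPS, accepting a self-signed cert like curl -k."""
    url = f"https://{device_ip}{PARAM_PATH}"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(
        urllib.request.HTTPDigestAuthHandler(mgr),
        urllib.request.HTTPSHandler(context=ctx),
    )
    with opener.open(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Constructed sample reply; swap in fetch_param_cgi(ip, user, pw) for a live device.
    sample = "root.Properties.Firmware.Version=2.80.3\n"
    ver = parse_version(sample)
    print(".".join(map(str, ver)), "vulnerable" if is_vulnerable(ver) else "patched")
```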
📡 Detection & Monitoring
Log Indicators:
- Multiple OSDP protocol parsing errors
- pacsiod process crashes/restarts
- Unusual OSDP message patterns
Network Indicators:
- OSDP traffic with malformed packets
- OSDP messages with unusually large payloads
- Traffic to AXIS A1001 on OSDP ports (default 6000)
SIEM Query:
source="axis-a1001" AND ((event_type="process_crash" AND process="pacsiod") OR message="*OSDP*error*")