cvelistv5 - cve-2023-21406

CVE-2023-21406 (GCVE-0-2023-21406)

Vulnerability from cvelistv5 – Published: 2023-07-25 07:38 – Updated: 2024-11-08 08:38

Summary

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

Axis

References

URL

Tags

https://www.axis.com/dam/public/1b/21/5f/cve-2023…

Impacted products

	Vendor	Product	Version
	Axis Communications AB	AXIS A1001 Network Door Controller	Affected: AXIS OS 1.65.4 or earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:36:34.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T12:59:55.117555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T18:18:59.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AXIS A1001 Network Door Controller",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "status": "affected",
              "version": "AXIS OS 1.65.4 or earlier"
            }
          ]
        }
      ],
      "datePublic": "2023-07-25T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u0026nbsp;\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions."
            }
          ],
          "value": "Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T08:38:11.809Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Heap-based buffer overflow in Axis A1001 Network Door Controller\u0027s OSDP communication",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2023-21406",
    "datePublished": "2023-07-25T07:38:13.757Z",
    "dateReserved": "2022-11-04T18:30:01.766Z",
    "dateUpdated": "2024-11-08T08:38:11.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.65.4\", \"matchCriteriaId\": \"250BA4C3-1498-4C31-9199-ED26336E4467\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17AB03CB-201D-4838-AA48-EE2BEABB1DDE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\\nappending invalid data to an OSDP message it was possible to write data beyond the heap\\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\\u00a0\\n\\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\"}]",
      "id": "CVE-2023-21406",
      "lastModified": "2024-11-21T07:42:47.917",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-07-25T08:15:10.003",
      "references": "[{\"url\": \"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\", \"source\": \"product-security@axis.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@axis.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"product-security@axis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21406\",\"sourceIdentifier\":\"product-security@axis.com\",\"published\":\"2023-07-25T08:15:10.003\",\"lastModified\":\"2024-11-21T07:42:47.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\\nappending invalid data to an OSDP message it was possible to write data beyond the heap\\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\\n\\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@axis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.65.4\",\"matchCriteriaId\":\"250BA4C3-1498-4C31-9199-ED26336E4467\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17AB03CB-201D-4838-AA48-EE2BEABB1DDE\"}]}]}],\"references\":[{\"url\":\"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\",\"source\":\"product-security@axis.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:36:34.439Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21406\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-18T12:59:55.117555Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-18T13:03:02.706Z\"}}], \"cna\": {\"title\": \"Heap-based buffer overflow in Axis A1001 Network Door Controller\u0027s OSDP communication\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Axis Communications AB\", \"product\": \"AXIS A1001 Network Door Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"AXIS OS 1.65.4 or earlier\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-07-25T08:00:00.000Z\", \"references\": [{\"url\": \"https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\\nappending invalid data to an OSDP message it was possible to write data beyond the heap\\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\\u00a0\\n\\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\\nappending invalid data to an OSDP message it was possible to write data beyond the heap\\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u0026nbsp;\\n\\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"shortName\": \"Axis\", \"dateUpdated\": \"2024-11-08T08:38:11.809Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21406\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T08:38:11.809Z\", \"dateReserved\": \"2022-11-04T18:30:01.766Z\", \"assignerOrgId\": \"f2daf9a0-02c2-4b83-a01d-63b3b304b807\", \"datePublished\": \"2023-07-25T07:38:13.757Z\", \"assignerShortName\": \"Axis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-21406

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-21406

Aliases

CVE-2023-21406

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21406",
    "id": "GSD-2023-21406"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21406"
      ],
      "details": "\nAriel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\n\n",
      "id": "GSD-2023-21406",
      "modified": "2023-12-13T01:20:26.440685Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@axis.com",
        "ID": "CVE-2023-21406",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AXIS A1001 Network Door Controller",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "AXIS OS 1.65.4 or earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Axis Communications AB"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nAriel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf",
            "refsource": "MISC",
            "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.65.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@axis.com",
          "ID": "CVE-2023-21406"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nAriel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-02T03:53Z",
      "publishedDate": "2023-07-25T08:15Z"
    }
  }
}

FKIE_CVE-2023-21406

Vulnerability from fkie_nvd - Published: 2023-07-25 08:15 - Updated: 2024-11-21 07:42

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@axis.com	https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	axis	a1001_firmware	*
	axis	a1001	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "250BA4C3-1498-4C31-9199-ED26336E4467",
              "versionEndIncluding": "1.65.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17AB03CB-201D-4838-AA48-EE2BEABB1DDE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions."
    }
  ],
  "id": "CVE-2023-21406",
  "lastModified": "2024-11-21T07:42:47.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.5,
        "source": "product-security@axis.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-25T08:15:10.003",
  "references": [
    {
      "source": "product-security@axis.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
    }
  ],
  "sourceIdentifier": "product-security@axis.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "product-security@axis.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ICSA-23-206-01

Vulnerability from csaf_cisa - Published: 2023-07-25 00:00 - Updated: 2023-07-25 00:00

Summary

AXIS A1001

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

Critical infrastructure sectors

Commercial Facilities

Countries/areas deployed

Worldwide

Company headquarters location

Sweden

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ariel Harush",
          "Roy Hodir"
        ],
        "organization": "OTORIO",
        "summary": "reporting this vulnerability to AXIS Communications"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Sweden",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-206-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-206-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-23-206-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "AXIS A1001",
    "tracking": {
      "current_release_date": "2023-07-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-206-01",
      "initial_release_date": "2023-07-25T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2023-07-25T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.65.4",
                "product": {
                  "name": "AXIS A1001: \u003c= 1.65.4",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "AXIS A1001"
          }
        ],
        "category": "vendor",
        "name": "Axis Communications"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21406",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap-based buffer overflow vulnerability exists in the AXIS 1001 versions 1.65.4 and prior. When communicating over the Open Supervised Device Protocol (OSDP), the pacsiod process that handles the OSDP communication allows for writing outside of the allocated buffer. By appending invalid data to an OSDP message, it is possible to write data beyond the heap allocated buffer. The data written outside the buffer could allow an attacker to execute arbitrary code.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21406"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Axis has released a patched version for affected devices that fixes the vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Axis recommends users to update the device software. The latest Axis device software, for AXIS A1001, can be found here.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.axis.com/support/firmware"
        },
        {
          "category": "mitigation",
          "details": "For further assistance and questions, please contact AXIS Technical Support.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.axis.com/support"
        },
        {
          "category": "mitigation",
          "details": "For more information on this vulnerability, please visit the Axis vulnerability management portal.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.axis.com/support/cybersecurity/vulnerability-management"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-202307-2464

Vulnerability from variot - Updated: 2024-04-28 22:38

lease refer to the Axis security advisory for more information, mitigation and affected products and software versions. Axis Communications Provided by A1001 Network Door Controller The following vulnerabilities exist in. It was * by a third party on a neighboring network, Open Supervised Device Protocol (( OSDP ) adds invalid data to the message and executes arbitrary code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-2464",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "a1001",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "axis",
        "version": "1.65.4"
      },
      {
        "model": "axis a1001",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30af\u30b7\u30b9\u30b3\u30df\u30e5\u30cb\u30b1\u30fc\u30b7\u30e7\u30f3\u30ba",
        "version": null
      },
      {
        "model": "axis a1001",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30a2\u30af\u30b7\u30b9\u30b3\u30df\u30e5\u30cb\u30b1\u30fc\u30b7\u30e7\u30f3\u30ba",
        "version": "axis a1001  firmware  1.65.4  and earlier  s"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.65.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "cve": "CVE-2023-21406",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "author": "product-security@axis.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 5.5,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-21406",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-21406",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "product-security@axis.com",
            "id": "CVE-2023-21406",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nAriel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code. \u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions. Axis Communications Provided by A1001 Network Door Controller The following vulnerabilities exist in. It was * by a third party on a neighboring network, Open Supervised Device Protocol (( OSDP ) adds invalid data to the message and executes arbitrary code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-21406",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-206-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95576289",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "id": "VAR-202307-2464",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5625
  },
  "last_update_date": "2024-04-28T22:38:09.133000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Welcome\u00a0to\u00a0Axis\u00a0support Axis\u00a0Communications",
        "trust": 0.8,
        "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-us-407245.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-us-407245.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95576289/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21406"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "date": "2023-07-25T08:15:10.003000",
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-04-24T09:09:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      },
      {
        "date": "2023-08-02T03:53:46.127000",
        "db": "NVD",
        "id": "CVE-2023-21406"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Axis\u00a0Communications\u00a0 Made \u00a0A1001\u00a0 Heap-based buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002721"
      }
    ],
    "trust": 0.8
  }
}

GHSA-M2FP-C5WR-XJPH

Vulnerability from github – Published: 2023-07-25 09:30 – Updated: 2024-11-08 09:30

Details

lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-122",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-25T08:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nAriel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when\ncommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which\nis handling the OSDP communication allowing to write outside of the allocated buffer. By\nappending invalid data to an OSDP message it was possible to write data beyond the heap\nallocated buffer. The data written outside the buffer could be used to execute arbitrary code.\u00a0\n\nlease refer to the Axis security advisory for more information, mitigation and affected products and software versions.\n\n",
  "id": "GHSA-m2fp-c5wr-xjph",
  "modified": "2024-11-08T09:30:29Z",
  "published": "2023-07-25T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21406"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0580

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Axis. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS A1610 (-B) versions 11.x antérieures à 11.6.16.1
Axis	N/A	AXIS A1601 versions antérieures à 10.12.171.1
Axis	N/A	AXIS A1610 (-B) versions antérieures à 10.12.172.1
Axis	N/A	AXIS A1001 versions antérieures à 1.65.5
Axis	N/A	AXIS A1210 (-B) versions 11.x antérieures à 11.6.16.1
Axis	N/A	AXIS A8207 AXIS OS versions 11.x antérieures 11.5.54
Axis	N/A	AXIS A8207 MKII AXIS OS versions antérieures 11.5.54
Axis	N/A	AXIS A8207 MKII AXIS OS versions antérieures 10.12.182
Axis	N/A	AXIS A8207 AXIS OS versions antérieures 10.12.182
Axis	N/A	AXIS A1601 versions 11.x antérieures à 11.6.16.1

References

Title

Publication Time

Tags

Bulletin de sécurité Axis 407244 du 25 juillet 2023	None	vendor-advisory
Bulletin de sécurité Axis 407245 du 25 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS A1610 (-B) versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1601 versions ant\u00e9rieures \u00e0 10.12.171.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1610 (-B) versions ant\u00e9rieures \u00e0 10.12.172.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1001 versions ant\u00e9rieures \u00e0 1.65.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1210 (-B) versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 AXIS OS versions 11.x ant\u00e9rieures 11.5.54",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 MKII AXIS OS versions ant\u00e9rieures 11.5.54",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 MKII AXIS OS versions ant\u00e9rieures 10.12.182",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 AXIS OS versions ant\u00e9rieures 10.12.182",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1601 versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21406"
    },
    {
      "name": "CVE-2023-21405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21405"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0580",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis 407244 du 25 juillet 2023",
      "url": "https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis 407245 du 25 juillet 2023",
      "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
    }
  ]
}

CERTFR-2023-AVI-0580

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Axis	N/A	AXIS A1610 (-B) versions 11.x antérieures à 11.6.16.1
Axis	N/A	AXIS A1601 versions antérieures à 10.12.171.1
Axis	N/A	AXIS A1610 (-B) versions antérieures à 10.12.172.1
Axis	N/A	AXIS A1001 versions antérieures à 1.65.5
Axis	N/A	AXIS A1210 (-B) versions 11.x antérieures à 11.6.16.1
Axis	N/A	AXIS A8207 AXIS OS versions 11.x antérieures 11.5.54
Axis	N/A	AXIS A8207 MKII AXIS OS versions antérieures 11.5.54
Axis	N/A	AXIS A8207 MKII AXIS OS versions antérieures 10.12.182
Axis	N/A	AXIS A8207 AXIS OS versions antérieures 10.12.182
Axis	N/A	AXIS A1601 versions 11.x antérieures à 11.6.16.1

References

Title

Publication Time

Tags

Bulletin de sécurité Axis 407244 du 25 juillet 2023	None	vendor-advisory
Bulletin de sécurité Axis 407245 du 25 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AXIS A1610 (-B) versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1601 versions ant\u00e9rieures \u00e0 10.12.171.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1610 (-B) versions ant\u00e9rieures \u00e0 10.12.172.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1001 versions ant\u00e9rieures \u00e0 1.65.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1210 (-B) versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 AXIS OS versions 11.x ant\u00e9rieures 11.5.54",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 MKII AXIS OS versions ant\u00e9rieures 11.5.54",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 MKII AXIS OS versions ant\u00e9rieures 10.12.182",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A8207 AXIS OS versions ant\u00e9rieures 10.12.182",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    },
    {
      "description": "AXIS A1601 versions 11.x ant\u00e9rieures \u00e0 11.6.16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Axis",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21406"
    },
    {
      "name": "CVE-2023-21405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21405"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0580",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Axis.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Axis",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis 407244 du 25 juillet 2023",
      "url": "https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Axis 407245 du 25 juillet 2023",
      "url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21406 (GCVE-0-2023-21406)

GSD-2023-21406

FKIE_CVE-2023-21406

ICSA-23-206-01

VAR-202307-2464

GHSA-M2FP-C5WR-XJPH

CERTFR-2023-AVI-0580

Solution

CERTFR-2023-AVI-0580

Solution

Tags

Sightings

Nomenclature