Axis Communications Patches ‘Vulnerability’ in A1001 Network Door Controller
Vulnerability discovered in A1001 network door controller threatened the security of facilities where it’s installed.
CHELMSFORD, Mass. — Axis Communications says it has addressed a “vulnerability” in its A1001 network door controller after two employees of operational technology cybersecurity firm OTORIO uncovered what they called “a critical vulnerability” in the system.
The issue “involves the way (A1001) communicates, potentially exposing sensitive networks to unforeseen risks,” according to OTORIO’s complaint to the National Vulnerability Database.
“Such a flaw could pose a significant threat to facilities’ security and their internal IP networks,” the complaint says. “This discovery sheds light on potential risks to highly fortified OT networks, unintentionally blurring the line between physical and digital security.”
The exploit for this vulnerability, according to OTORIO, requires physical access to the RS-485 twisted pair cable situated at the rear of an access control reader, typically stationed at the entry of a secured facility or perimeter.
OTORIO has also successfully demonstrated a tamper protection bypass, the company says.
Why Axis Communications Patched A1001
“What sets this vulnerability apart is its potential for Remote Code Execution (RCE) on the internal access controller from outside of the facility,” says OTORIO in its report to NVD. “By exploiting the serial channel used for reader-controller communication, an attacker could gain unauthorized access to open doors or tamper with logs on the access controller.
“Even more alarmingly, this flaw could serve as a gateway to the internal IP network, irrespective of its segmentation or air-gapped status from the internet,” the report says.
An Axis Communications spokesperson says the company is confident it has addressed the problem.
“Ariel Harush and Roy Hodir from OTORIO found a flaw in the AXIS A1001 when communicating over OSDP,” the spokesperson says. “A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code.
“The vulnerability was assigned a 7.1 (High) severity via the CVSSv3.1 scoring system. Accordingly, Axis has addressed the vulnerability by releasing a patched version for affected devices that increases robustness of the OSDP message parser and patches the highlighted flaw. More details can be found on our vulnerability management page,” the Axis spokesperson says.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!