#OSDPTool
https://bit.ly/3KjEjbg - A potentially severe vulnerability, tracked as CVE-2023-21406, has been found in Axis Communications' network door controller. This could expose facilities to both physical and cyber threats. Axis offers network cameras and other physical security products worldwide. The flaw is a heap-based buffer overflow affecting the Axis A1001 network door controller, and patches have been released to address it. #CyberSecurity #AxisCommunications

The vulnerability relates to the Open Supervised Device Protocol (OSDP), an access control communications standard. The heap-based buffer overflow was found in the process handling the OSDP communication, allowing data to be written outside the allocated buffer. This could be exploited to execute arbitrary code. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that this product is widely used in commercial facilities. #CISA #OSDP

The flaw was discovered during a larger project by industrial cybersecurity firm Otorio, which focused on assessing security and potential risks from advancements in access control readers and controllers, specifically the assumedly secure OSDP. The vulnerability can be exploited by an attacker who has physical access to the RS-485 twisted pair cable at the back of an access control reader, typically at the entry point of a secured facility. #CybersecurityResearch #Otorio

An attacker can use the vulnerability to open doors and tamper with logs on the access controller to erase their tracks. Moreover, they can exploit the flaw to remotely execute code on the internal access controller from outside the targeted facility via the serial channel used for reader-controller communications. This could potentially serve as a gateway to the internal IP network, even if highly segmented or air-gapped from the internet. #DataProtection #AccessControl

As part of the same project, Otorio has found other vulnerabilities in access control products and has developed an OSDP assessment tool that it plans to release as open source in the future.