Axon Security Advisory: Axon Dock Authentication Bypass

Security Advisory Release Date: August 16, 2016 | Vulnerability Identifier: AXON-1601

Summary

A vulnerability in the local web interface of Axon Dock devices could allow configuration changes to be made without authentication.

The vulnerability is due to improper implementation of authentication mechanisms for all files in the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Dock web interface. A successful exploit could allow the attacker to perform unauthorized configuration changes to the affected Dock device.

Axon has pushed a firmware update to affected devices to address this vulnerability.

Scope

This advisory applies to Axon Dock devices on firmware version 3.1 or earlier. Axon Docks on version 3.2 and above are not affected.

Impact

This vulnerability affects the configuration settings of the Axon Dock devices. A successful exploit could allow the attacker to perform unauthorized configuration changes to the affected Dock device. A Denial of Service attack could also be possible by deregistering the dock from Evidence.com or forcing the Dock system to repeatedly reboot.

This vulnerability does not affect the security of Evidence.com or your evidence data residing within. Additionally, video evidence that was transferred to Evidence.com via the Axon Dock is not affected and chain of custody requirements are still met as videos can be proven to be authentic with audit trails are in place.

Mitigations

Axon Docks should not be exposed to the internet and should be connected behind a firewall or secure network. The Axon Dock Installation Manual explains and puts forth strong recommendations to securing the Axon Dock on networks. If the Axon Dock is configured as recommended, the exploitation of this vulnerability would be limited to a malicious actor on, or exploiting resources on, the same local network as the Axon Dock device.

Suggested Actions

No action should be necessary by customers. Axon has pushed out a firmware update that fixes the issue.

Common Questions and Answers

1. What's the problem?

An authentication bypass vulnerability in the firmware could enable a malicious attacker to perform web requests to change Dock configurations.

2. How would an attacker seek to exploit this issue?

If an attacker were to gain network access to the web interface of an Axon Dock, specifically crafted web requests could be sent to change Dock configurations without authentication.

3. Which devices could be affected?

We have confirmed this vulnerability can be exploited on firmware version 3.1, however any version below 3.2 could be affected.

4. Has Axon seen evidence of this vulnerability being abused?

No, Axon has not observed, and is not aware of any active exploitation of this issue.

5. How will Axon be addressing this specific issue?

Axon has pushed a firmware update out to all Axon Docks addressing this vulnerability. The update is contained in the 3.2 revision.

6. How do I know if I have a device that contains a fix for this issue?

Customers can determine the version of firmware by connecting to the Dock web interface. The Status screen will display the firmware version. Any Firmware version 3.2.160726.1852 or higher is not affected by this vulnerability.