DiCal-RED 4009 Outdated Third Party Components

DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.

Packet Storm


Advisory ID: SYSS-2024-041
Product: DiCal-RED
Manufacturer: Swissphone Wireless AG
Affected Version(s): Unknown
Tested Version(s): 4009
Vulnerability Type: Use of Unmaintained Third Party Components (CWE-1104)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-16
Solution Date: None
Public Disclosure: 2024-08-20
CVE Reference: CVE-2016-5195, CVE-2016-7406, CVE-2019-12815 and others
Author of Advisory: Sebastian Hamann, SySS GmbH


Overview:

DiCal-RED is a radio module for communication between emergency vehicles and  
control rooms. It provides Ethernet, Wi-Fi and cellular network connectivity  
and runs a Linux- and BusyBox-based operating system.

The manufacturer describes the product as follows (see [1]):

"The DiCal-Red radio data module reliably guides you to your destination. This  
is ensured by the linking of navigation (also for the transmission of position  
data) and various radio modules."

Due to the use of unmaintained third-party software components, the device is  
vulnerable to numerous known security issues.

Vulnerability Details:

The device’s operating system is based on several well-known open-source
products, such as the Linux kernel, the Dropbear SSH server and the
ProFTPD FTP server.

In particular, it runs the following versions:

| Product      | Version | Released      |
|--------------|---------|---------------|
| Linux kernel | 3.14.35 | March 2015    |
| Dropbear     | 2013.56 | March 2013    |
| ProFTPD      | 1.3.3g  | November 2011 |

There are several publicly known security issues that affect these software
versions, such as CVE-2016-5195, CVE-2016-7406 or CVE-2019-12815.
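
As an added example (not part of the SySS advisory), the following sketch shows how a firmware component inventory like the one above can be checked against known-affected version ranges. The affected-range bounds are taken from the public CVE descriptions, not from the advisory; the rule table, function names and inventory format are assumptions made for illustration.

```python
import re

# Affected-version bounds from the public CVE descriptions (assumption: vendor
# backports are not modelled, so a hit means "needs review", not "exploitable").
RULES = [
    # (component, CVE, comparison, bound)
    ("linux",    "CVE-2016-5195",  "<",  "4.8.3"),
    ("dropbear", "CVE-2016-7406",  "<",  "2016.74"),
    ("proftpd",  "CVE-2019-12815", "<=", "1.3.5b"),
]

# Dotted numbers, an optional single patch letter (ProFTPD style), and an
# optional build suffix such as "-custom". Pre-release tags like "rc1" are
# rejected rather than silently mis-ordered.
_VERSION = re.compile(r"(\d+(?:\.\d+)*)([a-z]?)(?:[-+_ ].*)?")

def parse_version(text):
    """Turn '3.14.35', '2013.56' or '1.3.3g' into a comparable tuple."""
    m = _VERSION.fullmatch(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))      # pad so '4.8' sorts before '4.8.3'
    letter = ord(m.group(2)) - ord("a") + 1 if m.group(2) else 0
    return tuple(nums) + (letter,)

def audit(inventory):
    """Return (component, version, cve) findings for a {name: version} inventory."""
    findings = []
    for name, cve, op, bound in RULES:
        if name not in inventory:
            continue
        have, limit = parse_version(inventory[name]), parse_version(bound)
        if have < limit or (op == "<=" and have == limit):
            findings.append((name, inventory[name], cve))
    return findings

# Versions as listed in the advisory's table for DiCal-RED 4009.
DICAL_RED_4009 = {"linux": "3.14.35", "dropbear": "2013.56", "proftpd": "1.3.3g"}

if __name__ == "__main__":
    for name, version, cve in audit(DICAL_RED_4009):
        print(f"{name} {version}: within affected range of {cve}")
```
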


Proof of Concept (PoC):

None

Solution:

The manufacturer recommends not running the device in an untrusted network.


Disclosure Timeline:

2024-02-29: Vulnerability discovered  
2024-04-16: Vulnerability reported to manufacturer  
2024-05-10: Manufacturer states that the vulnerability will not be fixed  
2024-05-14: Vulnerability reported to CERT-Bund  
2024-08-13: CERT-Bund informs us that the vendor declared the product EOL  
2024-08-20: Public disclosure of vulnerability

References:

[1] Product website for DiCal-RED
https://www.swissphone.com/solutions/components/terminals/radio-data-module-dical-red/
[2] SySS Security Advisory SYSS-2024-041
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-041.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy


Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: [email protected]  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc  
Key ID: 0x9CE0E440429D8B96  
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

Disclaimer:

The information provided in this security advisory is provided “as is”
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.


Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

