Cybersecurity researchers have disclosed a number of security flaws in Cinterion cellular modems that could potentially be exploited by threat actors to access sensitive information and achieve code execution.
“These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors,” Kaspersky said.
Cinterion modems were originally developed by Gemalto before the business was acquired by Telit from Thales as part of a deal announced in July 2022.
The findings were presented at OffensiveCon, held in Berlin on May 11. The list of eight flaws is as follows –
- CVE-2023-47610 (CVSS score: 8.1) – A buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
- CVE-2023-47611 (CVSS score: 7.8) – An improper privilege management vulnerability that could allow a local, low-privileged attacker to elevate privileges to manufacturer level on the targeted system.
- CVE-2023-47612 (CVSS score: 6.8) – A files or directories accessible to external parties vulnerability that could allow an attacker with physical access to the target system to obtain read/write access to any files and directories on the targeted system, including hidden files and directories.
- CVE-2023-47613 (CVSS score: 4.4) – A relative path traversal vulnerability that could allow a local, low-privileged attacker to escape from virtual directories and gain read/write access to protected files on the targeted system.
- CVE-2023-47614 (CVSS score: 3.3) – An exposure of sensitive information vulnerability that could allow a local, low-privileged attacker to reveal hidden virtual paths and file names on the targeted system.
- CVE-2023-47615 (CVSS score: 3.3) – An exposure of sensitive information through environment variables vulnerability that could allow a local, low-privileged attacker to obtain unauthorized access to the targeted system.
- CVE-2023-47616 (CVSS score: 2.4) – An exposure of sensitive information vulnerability that could allow an attacker with physical access to the target system to gain access to sensitive data on the targeted system.
The most severe of the weaknesses is CVE-2023-47610, a heap overflow vulnerability in the modem that allows remote attackers to execute arbitrary code via SMS messages.
Moreover, that access could be weaponized to manipulate RAM and flash memory, thereby allowing the attackers to exert further control over the modem without authentication or physical access.
The remaining vulnerabilities stem from security lapses in the handling of MIDlets, which are Java-based applications running inside the modems. They could be abused to bypass digital signature checks and permit unauthorized code execution with elevated privileges.
Security researchers Sergey Anufrienko and Alexander Kozlov have been credited with discovering and reporting the issues, which were formally disclosed by Kaspersky ICS CERT in a series of advisories published on November 8, 2023.
“Since the modems are typically integrated in a matryoshka-style within other solutions, with products from one vendor stacked atop those from another, compiling a list of affected end products is challenging,” Evgeny Goncharov, head of Kaspersky ICS CERT, said.
To mitigate potential threats, organizations are recommended to disable non-essential SMS messaging capabilities, employ private Access Point Names (APNs), control physical access to devices, and conduct regular security audits and updates.
The Hacker News has reached out to Telit for more information on the issues, and we will update the story once we hear back.