www.belgium.be Logo of the federal government

WARNING: CRITICAL VULNERABILITIES IN PTZOPTICS DEVICES RESULT IN ARBITRARY COMMAND EXECUTION WHEN COMBINED. PATCH IMMEDIATELY!

Référence: 
Advisory #2024-256
Version: 
1.0
Logiciels concernés : 
PTZOptics PT30X-SDI/NDI-xx < 6.3.40
Type: 
Insufficient Authentication & OS Command Injection
CVE/CVSS: 

CVE-2024-8956
CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVE-2024-8957
CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Risques

Two critical vulnerabilities have been identified in PTZOptics camera devices. First, the device does not enforce authentication on requests to /cgi-bin/param.cgi that lack an HTTP Authorization header, potentially exposing sensitive configurations. Second, insufficient validation of the ntp_addr configuration parameter can enable arbitrary command execution when the ntp_client is initiated.

These vulnerabilities are currently under active exploitation.

Furthermore, the vulnerability has a high impact on confidentiality, integrity, and availability.

Description

When these vulnerabilities are combined, a remote and unauthenticated attacker can fully compromise the affected devices by first gaining unauthorized access to sensitive data and configuration settings and then executing arbitrary OS commands. This can result in complete system takeover, leading to significant security risks and operational disruptions.

Actions recommandées

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Références