Newly discovered series of vulnerabilities could let hackers disable metal detectors at airports
By taking advantage of these vulnerabilities, hackers can bypass authentication requirements, forge detector configurations, and even execute arbitrary code on the device.
"An attacker can manipulate this module to remotely monitor metal detector statistics, such as whether alarms have been triggered or how many visitors have passed," the report by Cisco Talos revealed. "Hackers can also make configuration changes, such as changing device sensitivity, which can pose security risks to organizations that rely heavily on metal detectors."
Cisco Talos security researcher Matt Wiseman discovered and reported the vulnerabilities on August 17, 2021. Patches were released by the vendor on 12/13/2021.
The vulnerabilities reside in the Garrett iC Module, which lets operators communicate with walk-through metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 from a computer over a wired or wireless network. Operators use it to control and monitor the devices remotely in real time.
Here is the list of newly disclosed vulnerabilities:
- CVE-2021-21901 (CVSS score: 9.8), CVE-2021-21903 (CVSS score: 9.8), CVE-2021-21905 and CVE-2021-21906 (CVSS score: 8.2) - Stack-based buffer overflow vulnerabilities that can be triggered by sending a malicious packet to the device
- CVE-2021-21902 (CVSS score: 7.5) - Authentication bypass vulnerability stemming from a race condition, which can be triggered by sending a sequence of requests
- CVE-2021-21904 (CVSS score: 9.1), CVE-2021-21907 (CVSS score: 4.9), CVE-2021-21908 and CVE-2021-21909 (CVSS score: 6.5) - Directory traversal vulnerabilities that can be exploited by sending specially crafted commands
By successfully exploiting the aforementioned vulnerabilities in the iC Module CMA version 5.0, an attacker can hijack an authenticated user's session; read, write, or delete arbitrary files on the device; and, worse, achieve remote code execution.
Due to the severity of the vulnerabilities, organizations using these metal detectors are advised to update the firmware to the latest version as soon as possible.