Multiple vulnerabilities in Carrier LenelS2 HID Mercury access panels



Published: 2022-06-03
Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-31479, CVE-2022-31480, CVE-2022-31481
CWE-ID: CWE-693, CWE-425, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

LNL-X2210 (Hardware solutions / Firmware)

LNL-X2220 (Hardware solutions / Firmware)

LNL-X3300 (Hardware solutions / Firmware)

LNL-X4420 (Hardware solutions / Firmware)

LNL-4420 (Hardware solutions / Firmware)

S2-LP-1501 (Hardware solutions / Firmware)

S2-LP-4502 (Hardware solutions / Firmware)

S2-LP-2500 (Hardware solutions / Firmware)

S2-LP-1502 (Hardware solutions / Firmware)
Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Protection Mechanism Failure

EUVDB-ID: #VU63965

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31479

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote attacker can update the hostname with a specially crafted name and execute arbitrary shell commands during the core collection process.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

LNL-X2210: before 1.296

LNL-X2220: before 1.296

LNL-X3300: before 1.296

LNL-X4420: before 1.296

LNL-4420: before 1.296

S2-LP-1501: before 1.302

S2-LP-4502: before 1.302

S2-LP-2500: before 1.302

S2-LP-1502: before 1.302

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-153-01
http://www.corporate.carrier.com/Images/CARR-PSA-HID-Mercury-Vulnerabilities-006-0622_tcm558-170514...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Direct Request ('Forced Browsing')

EUVDB-ID: #VU63967

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31480

CWE-ID: CWE-425 - Direct Request ('Forced Browsing')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the affected application does not adequately enforce authorization on all restricted URLs, scripts, or files. A remote attacker can upload arbitrary firmware files to the target device and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

LNL-X2210: before 1.296

LNL-X2220: before 1.296

LNL-X3300: before 1.296

LNL-X4420: before 1.296

LNL-4420: before 1.296

S2-LP-1501: before 1.302

S2-LP-4502: before 1.302

S2-LP-2500: before 1.302

S2-LP-1502: before 1.302

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-153-01
http://www.corporate.carrier.com/Images/CARR-PSA-HID-Mercury-Vulnerabilities-006-0622_tcm558-170514...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU63968

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31481

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted update file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

LNL-X2210: before 1.296

LNL-X2220: before 1.296

LNL-X3300: before 1.296

LNL-X4420: before 1.296

LNL-4420: before 1.296

S2-LP-1501: before 1.302

S2-LP-4502: before 1.302

S2-LP-2500: before 1.302

S2-LP-1502: before 1.302

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-153-01
http://www.corporate.carrier.com/Images/CARR-PSA-HID-Mercury-Vulnerabilities-006-0622_tcm558-170514...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
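
A fleet check against the fixed versions listed in this bulletin, as an added example that is not part of the original bulletin or any vendor tooling. The inventory CSV layout, host names and status labels are assumptions, and versions are assumed to compare component by component as integers.

```python
import csv
import io

# Fixed firmware versions, from the "Vulnerable software versions" lists above.
FIXED = {
    **dict.fromkeys(("LNL-X2210", "LNL-X2220", "LNL-X3300", "LNL-X4420", "LNL-4420"), "1.296"),
    **dict.fromkeys(("S2-LP-1501", "S2-LP-4502", "S2-LP-2500", "S2-LP-1502"), "1.302"),
}

def parse_version(text):
    """'1.296' -> (1, 296). Assumption: components compare as integers."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (host, model, firmware, status) for every row of the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model, firmware = row["model"].strip().upper(), row["firmware"].strip()
        fixed = FIXED.get(model)
        if fixed is None:
            status = "not-listed"          # model does not appear in this bulletin
        else:
            try:
                behind = parse_version(firmware) < parse_version(fixed)
                status = "vulnerable" if behind else "patched"
            except ValueError:
                status = "check-manually"  # never treat an unreadable version as patched
        findings.append((row["host"].strip(), model, firmware, status))
    return findings

# Constructed sample inventory: host names and installed versions are made up.
SAMPLE = """host,model,firmware
door-ctl-01,LNL-X2210,1.295
door-ctl-02,lnl-x4420,1.296
door-ctl-03,S2-LP-1502,1.296
door-ctl-04,S2-LP-2500,1.302
door-ctl-05,LNL-X3300,unknown
door-ctl-06,EXAMPLE-9000,1.200
"""

if __name__ == "__main__":
    for host, model, firmware, status in triage(SAMPLE):
        print(f"{host:12} {model:13} {firmware:8} {status}")
```

A panel reported as vulnerable is below the fixed version for all three CVEs in this bulletin, since each lists the same thresholds per model.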


