SB2025010848 - Multiple vulnerabilities in Össur Logic Application


Published: January 8, 2025

Security Bulletin ID: SB2025010848
Severity: High
Patch available: Yes
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 33%, Low: 67%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2024-53683)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because a valid set of credentials in a .js file and a static token used for communication can be obtained from the decompiled IPA. A local administrator can change the translation files and use the information to disrupt normal use of the application and weaken the integrity of normal use.


2) Command Injection (CVE-ID: CVE-2024-54681)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists because multiple bash files are present in the application's private directory. A remote user can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Use of hard-coded credentials (CVE-ID: CVE-2024-45832)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. An attacker with physical access can access the affected system and gain access to unauthorized information.
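Items 1 and 3 both come down to credentials and static tokens shipped inside the application bundle, where anyone who extracts the package can read them. The usual defensive check is to scan extracted resources for such material before release. The scanner below is an added example written for this bulletin; it is not code from Össur or from the Logic application, and the JavaScript it scans is a constructed sample, not the real bundle. It combines two rules: a secret-looking identifier (password, token, api_key, ...) assigned a string literal, and any long literal with high Shannon entropy regardless of its name, which catches keys hidden behind innocuous identifiers.

```python
"""Scan extracted app resources (e.g. bundled .js files) for hard-coded credentials and static tokens."""
import math
import re
from typing import Dict, List

# Constructed sample modelled on a bundled JavaScript resource; it is not taken from Össur Logic.
SAMPLE_JS = """\
const API_BASE = "https://api.example.invalid/v1";
const strings = { "welcome": "Welcome", "logout": "Log out" };
const username = "service_account";
const password = "Tr0ub4dor&3_example";
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.signature_placeholder";
const deviceSalt = "8e3a1f6c0b9d5724c4d9e17b3f0a68252b7f5d8e0c3691a46a0e92c4b1d7f583";
const colour = "blue";
"""

# Rule 1: a secret-looking identifier assigned a string literal (JS `const x = "..."`, `x: "..."`, `x = "..."`).
SECRET_KEY_RE = re.compile(
    r'(?i)\b(?P<key>pass(?:word|wd)?|secret|token|api[_-]?key|credentials?)\b'
    r'\s*[:=]\s*["\'](?P<value>[^"\']+)["\']'
)

# Rule 2: any long literal drawn from a token-like alphabet with high entropy, whatever it is called.
LITERAL_RE = re.compile(r'["\']([A-Za-z0-9._\-]{32,})["\']')
ENTROPY_THRESHOLD = 3.5  # bits per character; random hex and base64 material sits above this


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(text: str) -> List[Dict]:
    """Return one finding per suspicious line: line number, the identifier (if any) and the reason."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_KEY_RE.search(line)
        if m:
            findings.append({"line": lineno, "key": m.group("key").lower(),
                             "reason": "secret-like identifier assigned a literal"})
            continue  # one finding per line is enough
        for lit in LITERAL_RE.findall(line):
            ent = shannon_entropy(lit)
            if ent >= ENTROPY_THRESHOLD:
                findings.append({"line": lineno, "key": None,
                                 "reason": f"high-entropy literal ({ent:.2f} bits/char)"})
                break
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_JS):
        tag = f" [{f['key']}]" if f["key"] else ""
        print(f"line {f['line']}: {f['reason']}{tag}")
```

Run against the sample, the scanner flags the `password` and `token` assignments by name and the 64-character hex value by entropy alone, while leaving the URL, the translation strings and the plain username untouched. The entropy rule is what matters in practice: a static token renamed to something harmless still has the statistical signature of key material. Findings like these should be resolved by moving the secret out of the bundle (for example, issuing per-installation credentials from the backend at first use), not by obfuscating it in place.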


Remediation

Install the update from the vendor's website.