Meinberg LANTIME firmware update for third-party components (January 2024)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2023-48795 CVE-2023-42465 CVE-2023-6918 CVE-2023-6004 CVE-2023-39804 CVE-2023-46218 CVE-2023-46219 CVE-2021-46854 CVE-2023-5363 CVE-2023-34969 CVE-2022-3715 CVE-2023-32643 CVE-2023-32611 CVE-2023-29499 CVE-2023-32665 CVE-2023-32636 |
| CWE-ID | CWE-326 CWE-287 CWE-252 CWE-78 CWE-121 CWE-200 CWE-311 CWE-401 CWE-310 CWE-264 CWE-122 CWE-400 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
LANTIME Operating System Firmware (LTOS) Hardware solutions / Firmware |
| Vendor | Meinberg |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Inadequate encryption strength
EUVDB-ID: #VU84537
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-48795
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:*:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Improper Authentication
EUVDB-ID: #VU85764
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42465
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to insufficient resistance to rowhammer attacks. A local user can bypass authentication process and gain unauthorized access to the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Unchecked Return Value
EUVDB-ID: #VU84540
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6918
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) OS Command Injection
EUVDB-ID: #VU84538
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6004
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.
Mitigation
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU84035
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-39804
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xattr_decoder() function in xheader.c. A remote attacker can trick the victim to open a specially crafted tar/pax archive with an overly long xattr key, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU83900
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-46218
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Missing Encryption of Sensitive Data
EUVDB-ID: #VU83899
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-46219
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when handling HSTS long file names. When saving HSTS data to an excessively long file name, curl can end
up removing all contents from the file, making subsequent requests using that file
unaware of the HSTS status they should otherwise use. As a result, a remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU75703
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due memory leak in mod_radius. A remote attacker can force the application to disclose memory to the RADIUS server.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cryptographic issues
EUVDB-ID: #VU82349
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5363
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing key and initialisation vector lengths in EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() function. A remote attacker can gain access to potentially sensitive information.
The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU78490
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34969
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU71454
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3715
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in valid_parameter_transform() function in GNU bash. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU77352
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32643
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the g_variant_serialised_get_child() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.003:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU77350
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32611
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the g_variant_byteswap() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.004:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU77351
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29499
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.005:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource exhaustion
EUVDB-ID: #VU77349
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32665
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.005:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.006:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU77348
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted GVariants to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLANTIME Operating System Firmware (LTOS): 7.00.001 - 7.08.006
CPE2.3- cpe:2.3:h:meinberg:ltos:7.00.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.009:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.010:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.011:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.012:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.013:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.00.014:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.02.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.001:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.002:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.003:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.004:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.005:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.006:*:*:*:*:*:*:*
- cpe:2.3:h:meinberg:ltos:7.04.007:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
