CISA Alerts: January 30, 2024 FIRMWARE

CISA Alert Highlights for January 30, 2024

How are Vulnerabilities Rated?

These latest firmware vulnerabilities, recently released by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), focus on routers, NVIDIA products, and a basic Intel computer. These product vulnerabilities, including Hongdian routers, Intel® NUC BIOS, and NVIDIA CPUs, have all been rated as high-risk per the criteria listed below.

These vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

CISA FIRMWARE Vulnerabilities for January 2024

Vendor/Product: hihonor -- nth-an00_firmware

Description: Some Honor products are affected by a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file.

Published Date:  12/29/2023

CVSS Score:  7.1

Source:  CVE-2023-23433

Patch Info: Incorrect Privilege Assignment in Some Honor Products | HONOR Global (hihonor.com)

Vendor/Product:  gl-inet -- gl-ax1800_firmware

Description:  An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Impact:  It allows an attacker to easily gain access to a system without knowing a valid username and password. Addressing this vulnerability often requires redesigning the authentication mechanism of the system, avoiding hard-coding credentials in the code, and adopting more secure authentication methods, such as using hash password stores and salt values to protect user credentials.

Published Date:  01/12/2024

CVSS Score:  9.8

Source:  CVE-2023-50919

Patch Info:  cve@mitre.org

Vendor/Product:  Hongdian -- h8951-4g-esp_firmware

Description:  Root user password is hardcoded into the device and cannot be changed in the user interface.

Impact: This vulnerability is a predefined root password. The root user password is hardcoded into the device and cannot be changed in the user interface.

Vulnerability Type: 

Published Date:  01/12/2024

CVSS Score:  9.8

Source:  CVE-2023-49253

Patch Info:  https://cert.pl/en/posts/2024/01/CVE-2023-49253/

Vendor/Product:  Hongdian -- h8951-4g-esp_firmware

Description:  The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.

Published Date:  01/12/2024

CVSS Score:  9.8

Source:  CVE-2023-49255

Patch Info:  https://cert.pl/posts/2024/01/CVE-2023-49253

Vendor/Product:  hongdian -- h8951-4g-esp_firmware

Description:  The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.

Published Date:  01/12/2024

CVSS Score:  9.8

Source:  CVE-2023-49262

Patch Info:  Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska

The manufacturer, Hongdian Company, has removed vulnerabilities in version (build) 2310271149, which was confirmed by the reporter.

Vendor/Product:  hongdian -- h8951-4g-esp_firmware

Description:  Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.

Published Date:  01/12/2024

CVSS Score:  8.8

Source:  CVE-2023-49254

Patch Info:  Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska

Vendor/Product:  hongdian -- h8951-4g-esp_firmware

Description:  An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

Published Date: 01/12/2024

CVSS Score: 8.8

Source:  CVE-2023-49257

Patch Info:  https://cert.pl/en/posts/2024/01/CVE-2023-49253/

Vendor/Product:   hongdian -- h8951-4g-esp_firmware

Description:  It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.

Published Date:  01/12/2024

CVSS Score:  7.5

Source:  CVE-2023-49256

Patch Info:  Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska

Vendor/Product:  hongdian -- h8951-4g-esp_firmware

Description:  The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

Published Date:  01/12/2024

CVSS Score:  7.5

Source:  CVE-2023-49259

Patch Info:  Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska

Vendor/Product:  hongdian -- h8951-4g-esp_firmware

Description:   The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

Published Date:  01/12/2024

CVSS Score:  7.5

Source:  CVE-2023-49261

Patch Info:  Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska

Vendor/Product:  intel -- intel_nuc_bios_firmware

Description:  Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Published Date:  01/19/2024

CVSS Score:  7.5

Source:  CVE-2023-28738

Patch Info:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html

Vendor/Product:  intel -- intel_nuc_bios_firmware

Description:  Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.

Published Date:  01/19/2024

CVSS Score:  7.5

Source:  CVE-2023-28743

Patch Info:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html

Vendor/Product:  intel -- intel_nuc_bios_firmware

Description:  Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

Published Date:  01/19/2024

CVSS Score:  7.5

Source:  CVE-2023-29495

Patch Info:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html

Vendor/Product:  intel -- intel_nuc_bios_firmware

Description:  Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Published Date:  01/19/2024

CVSS Score:  7.5

Source:  CVE-2023-38587

Patch Info:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html

Vendor/Product:  intel -- intel_nuc_bios_firmware

Description:  Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Published Date:  01/19/2024

CVSS Score:  7.5

Source:  CVE-2023-42429

Patch Info:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Published Date:  01/12/2024

CVSS Score:  9.5

Source:  CVE-2023-31024

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Published Date:  01/12/2024

CVSS Score:  9.8

Source:  CVE-2023-31030

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

Published Date:  01/12/2024

CVSS Score:  8

Source:  CVE-2023-31033

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

Published Date:  01/12/2024

CVSS Score:  7.5

Source:  CVE-2023-31025

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Published Date:  01/12/2024

CVSS Score:  7.8

Source:  CVE-2023-31031

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Published Date:  01/12/2024

CVSS Score:  7.8

Source:  CVE-2023-31034

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

Vendor/Product:  nvidia -- dgx_a100_firmware

Description:  NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Published Date:  01/12/2024

CVSS Score:  7.8

Source:  CVE-2023-31035

Patch Info:  https://nvidia.custhelp.com/app/answers/detail/a_id/5510

If you suspect you may have a vulnerability that you need help to mitigate, the cybersecurity team Spry Squared is standing by.